Full Disclosure mailing list archives
Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]
From: Tim <tim-security () sentinelchicken org>
Date: Thu, 4 Dec 2003 00:19:44 -0800
If you have one of these pieces of hardware, and you are worried about the holes in it, why not just patch/replace the binaries yourself: http://www.batbox.org/wrt54g-linux.html It took a while for Linksys to release their GPL-ed source, but they finally gave in to the community (and copyright law). Now there is a distro for it and the product has a good deal more utility. tim On Thu, Dec 04, 2003 at 01:41:54AM -0500, Jonathan A. Zdziarski wrote:
In a lot of cases, this would only be exploitable internally, since many configurations are set up not to allow access to the unit externally. But in any case, there are a lot of other ways to DoS these little residential boxes. Running macof (part of the dsniff package) will effectively shut down all traffic on the network. I'm sure arpspoof without forwarding would do the same thing. I'm surprised these things don't support something as basic as SSL for authentication (at least the model I've got doesn't) On Wed, 2003-12-03 at 23:42, Michael Renzmann wrote:Can anyone confirm if technically identical devices such as the Buffalo WBR-G54 share this vulnerability?_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] Michael Renzmann (Dec 03)
- Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] Jonathan A. Zdziarski (Dec 03)
- Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] Michael Renzmann (Dec 03)
- Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] Jonathan A. Zdziarski (Dec 03)
- Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] Tim (Dec 04)
- Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] Michael Renzmann (Dec 03)
- Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] kang () insecure ws (Dec 04)
- Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] Jonathan A. Zdziarski (Dec 03)