what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

idefense.BEFSR41.txt

idefense.BEFSR41.txt
Posted Nov 1, 2002
Authored by David Endler, Jeep 94 | Site idefense.com

iDEFENSE Security Advisory 10.31.2002 - The Linksys BEFSR41 EtherFast Cable/DSL Router contains a remote denial of service vulnerability if the remote management is enabled. Exploit URL included.

tags | remote, denial of service
SHA-256 | 02f580994b98ab9b30d3c28cb952de728cb78181fc1ac40e5a4e56e0d134a86e

idefense.BEFSR41.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 10.31.02a:
http://www.idefense.com/advisory/10.31.02a.txt
Denial of Service Vulnerability in Linksys BEFSR41 EtherFast
Cable/DSL Router
October 31, 2002

I. BACKGROUND

Linksys Group Inc.’s EtherFast Cable/DSL Router with 4-Port Switch
“is the perfect option to connect multiple PCs to a high-speed
Broadband Internet connection or to an Ethernet back-bone. Allowing
up to 253 users, the built-in NAT technology acts as a firewall
protecting your internal network." More information about it is
available at
http://www.linksys.com/products/product.asp?prid=20&grid=23.

II. DESCRIPTION

The BEFSR41 crashes if a remote and/or local attacker accesses the
script Gozila.cgi using the router’s IP address with no arguments.
Remote exploitation requires that the router's remote management be
enabled. A sample exploit looks as follows:

http://192.168.1.1/Gozila.cgi?

III. ANALYSIS

Exploitation may be particularly dangerous, especially if the
router’s remote management capability is enabled. An attacker can
trivially crash the router by directing the URL above to its external
interface. In general, little reason exists to allow the web
management feature to be accessible on the external interface of the
router. It is feasible that this type of vulnerability exists in
older firmware versions in other Linksys hardware.

IV. DETECTION

This vulnerability affects the BEFSR41 EtherFast Cable/DSL router
with firmware earlier than version 1.42.7.

V. RECOVERY

Pressing the reset button on the back of the router should restore
normal functionality.

VI. WORKAROUND

Ensure the remote web management feature is disabled, if unnecessary.

VII. VENDOR FIX

Firmware version 1.42.7 and later fix this problem. Version 1.43,
which is the latest available version, can be found at
http://www.linksys.com/download/firmware.asp?fwid=1.

VIII. CVE INFORMATION

The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
has assigned the identification number CAN-2002-1236 to this issue.

IX. DISCLOSURE TIMELINE

08/27/2002 Issue disclosed to iDEFENSE
09/12/2002 Linksys notified
09/12/2002 iDEFENSE clients notified
09/13/2002 Response received from
maryann.gamboa@Linksys.com
09/19/2002 Status request from iDEFENSE
09/20/2002 Asked to delay advisory until
second level support can respond
10/20/2002 No response from second level support,
another status request to maryann.gamboa@Linksys.com
10/31/2002 Still no response from Linksys, public disclosure

X. CREDIT

Jeep 94 (lowjeep94@hotmail.com) is credited with discovering this
vulnerability.



Get paid for security research
http://www.idefense.com/contributor.html

Subscribe to iDEFENSE Advisories:
send email to listserv@idefense.com, subject line: "subscribe"


About iDEFENSE:

iDEFENSE is a global security intelligence company that proactively
monitors sources throughout the world — from technical
vulnerabilities and hacker profiling to the global spread of viruses
and other malicious code. Our security intelligence services provide
decision-makers, frontline security professionals and network
administrators with timely access to actionable intelligence
and decision support on cyber-related threats. For more information,
visit http://www.idefense.com.


- -dave

David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071

dendler@idefense.com
www.idefense.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.2
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4B0ACC2A

iQA/AwUBPcHhwErdNYRLCswqEQKdigCgrSe4Z3J6ygmcribEJMa2wezmk6QAoND7
EE5vWSvk+ZFP7jIvXEPBGjGe
=oTCt
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close