[ISN] Popular Linksys Router Vulnerable to Attack

From: InfoSec News (isnat_private)
Date: Sun Nov 03 2002 - 22:29:09 PST

Next message: InfoSec News: "Re: [ISN] Feds pursue secrecy for corporate victims of hacking"

Previous message: InfoSec News: "[ISN] IG: State Department flunks systems security"
Next in thread: InfoSec News: "Re: [ISN] Popular Linksys Router Vulnerable to Attack"
Reply: InfoSec News: "Re: [ISN] Popular Linksys Router Vulnerable to Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.eweek.com/article2/0,3959,663801,00.asp

By Dennis Fisher
November 1, 2002 

A denial-of-service vulnerability in one of the most popular cable and
DSL routers allows an attacker to crash the router from a remote
location.

The Linksys Group Inc.'s BEFSR41 EtherFast Cable/DSL Router with
4-Port Switch is vulnerable to a remote DoS attack that requires the
attacker to do nothing more than access a specific script on the
router's remote management interface. The vulnerability affects all of
the routers with firmware versions earlier than 1.42.7.

There is no patch available for the problem at this point, but
firmaware version 1.43 fixes the problem.

In order to exploit the vulnerability, an attacker would simply need
to access the Gozilla.cgi script using the router's IP address with no
arguments. As long as the router's remote management interface is
enabled, the attacker simply needs to craft a URL that looks like
this—http://192.168.1.1/Gozilla.cgi?\and send it to the router, which
would then crash, according to an advisory published Friday by
iDefense Inc., a security firm based in Chantilly, Va.

"Exploitation may be particularly dangerous, especially if the
router's remote management capability is enabled," the advisory said.  
"An attacker can trivially crash the router by directing the URL…to
its external interface."

In many cases, there is no reason for the remote management interface
to be enabled and disabling it serves as an easy defense against this
problem.

Linksys routers are used by many home workers to split broadband
connections among several computers.

A message on a security mailing list Friday from Mark Litchfield of
Next Generation Security Software Ltd. suggested that routers and
wireless access points from D-Link Systems Inc., and Linksys access
points are also vulnerable to a DoS condition.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "Re: [ISN] Feds pursue secrecy for corporate victims of hacking"
Previous message: InfoSec News: "[ISN] IG: State Department flunks systems security"
Next in thread: InfoSec News: "Re: [ISN] Popular Linksys Router Vulnerable to Attack"
Reply: InfoSec News: "Re: [ISN] Popular Linksys Router Vulnerable to Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 04 2002 - 00:50:50 PST