Linksys not fixed

From: Will (wreyorat_private)
Date: Mon Nov 25 2002 - 19:11:52 PST


    The Nessus security scanner generated the following security report when
    scanning the internal address of the Linksys BEFSR11, firmware version
    1.43.3, Nov 15 2002.
    
    
    William Reyor
    Topsight.net
    
    NESSUS SECURITY SCAN REPORT
    
    Created 25.11.2002  Sorted by vulnerabilities
    
    Session Name : Session1
    Start Time   : 25.11.2002 21:48:45
    Finish Time  : 25.11.2002 22:03:17
    Elapsed Time : 0 day(s) 00:14:31
    
    
    Total security holes found : 4
                 high severity : 4
                  low severity : 0
                 informational : 0
    
    
    Scanned hosts:
    
    Name                            High  Low   Info
    ------------------------------------------------
    192.168.1.1                     4     0     0
    
    
    Service: http (80/tcp)
    Severity: High
    
    
    It was possible to crash the remote modem by
    telnetting to it on port 80 and by making
    the following request :
    
        GET /login.htm?password=AA[...]AAA
    
    To reactivate your modem, just reset it.
    
    An attacker can use this to prevent your
    network from connecting onto the internet.
    
    
    Solution : change your ISDN modem.
    
    Risk factor : High
    CVE : CAN-1999-1533
    
    
    Vulnerable hosts:
       192.168.1.1
    
    --------------------------------------------------------------------------
    
    
    Service: http (80/tcp)
    Severity: High
    
    
    There's a buffer overflow in the remote web server.
    
    It is possible to overflow the remote web server and execute
    commands as user SYSTEM.
    
    See http://www.eeye.com/html/Research/Advisories/AD20010501.html
    for more details.
    
    Solution: See
    http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
    
    Risk factor : High
    CVE : CVE-2001-0241
    
    
    Vulnerable hosts:
       192.168.1.1
    
    --------------------------------------------------------------------------
    
    
    Service: http (80/tcp)
    Severity: High
    
    It is possible to make the remote web server execute
    arbitrary code by sending the following request :
    
     POST AA[...]AA/ HTTP/1.0
    
    This problem may allow an attacker to execute arbitrary code on
    the remote system or create a denial of service.
    
    Solution : None at this time. Use another web server
    Risk factor : High
    CVE : CAN-2000-0626
    
    
    Vulnerable hosts:
       192.168.1.1
    
    --------------------------------------------------------------------------
    
    
    Service: http (80/tcp)
    Severity: High
    
    It was possible to kill the web server by
    sending an invalid request with a too long Cookie name or value
    
    A cracker may exploit this vulnerability to make your web server
    crash continually or even execute arbirtray code on your system.
    
    Solution : upgrade your software or protect it with a filtering reverse
    proxy
    Risk factor : High
    
    Vulnerable hosts:
       192.168.1.1
    


