Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys

iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys

by Nikola Strahija on November 2nd, 2002 iDEFENSE Security Advisory 10.31.02a: http://www.idefense.com/advisory/10.31.02a.txt Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router October 31, 2002


I. BACKGROUND

Linksys Group Inc.ís EtherFast Cable/DSL Router with 4-Port Switch
ďis the perfect option to connect multiple PCs to a high-speed
Broadband Internet connection or to an Ethernet back-bone. Allowing
up to 253 users, the built-in NAT technology acts as a firewall
protecting your internal network." More information about it is
available at
http://www.linksys.com/products/product.asp?prid=20&grid=23.

II. DESCRIPTION

The BEFSR41 crashes if a remote and/or local attacker accesses the
script Gozila.cgi using the routerís IP address with no arguments.
Remote exploitation requires that the router's remote management be
enabled. A sample exploit looks as follows:

http://192.168.1.1/Gozila.cgi?

III. ANALYSIS

Exploitation may be particularly dangerous, especially if the
routerís remote management capability is enabled. An attacker can
trivially crash the router by directing the URL above to its external
interface. In general, little reason exists to allow the web
management feature to be accessible on the external interface of the
router. It is feasible that this type of vulnerability exists in
older firmware versions in other Linksys hardware.

IV. DETECTION

This vulnerability affects the BEFSR41 EtherFast Cable/DSL router
with firmware earlier than version 1.42.7.

V. RECOVERY

Pressing the reset button on the back of the router should restore
normal functionality.

VI. WORKAROUND

Ensure the remote web management feature is disabled, if unnecessary.

VII. VENDOR FIX

Firmware version 1.42.7 and later fix this problem. Version 1.43,
which is the latest available version, can be found at
http://www.linksys.com/download/firmware.asp?fwid=1.

VIII. CVE INFORMATION

The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
has assigned the identification number CAN-2002-1236 to this issue.

IX. DISCLOSURE TIMELINE

08/27/2002 Issue disclosed to iDEFENSE
09/12/2002 Linksys notified
09/12/2002 iDEFENSE clients notified
09/13/2002 Response received from
[email protected]
09/19/2002 Status request from iDEFENSE
09/20/2002 Asked to delay advisory until
second level support can respond
10/20/2002 No response from second level support,
another status request to [email protected]
10/31/2002 Still no response from Linksys, public disclosure

X. CREDIT

Jeep 94 ([email protected]) is credited with discovering this
vulnerability.



Get paid for security research
http://www.idefense.com/contributor.html

Subscribe to iDEFENSE Advisories:
send email to [email protected], subject line: "subscribe"


About iDEFENSE:

iDEFENSE is a global security intelligence company that proactively
monitors sources throughout the world ó from technical
vulnerabilities and hacker profiling to the global spread of viruses
and other malicious code. Our security intelligence services provide
decision-makers, frontline security professionals and network
administrators with timely access to actionable intelligence
and decision support on cyber-related threats. For more information,
visit http://www.idefense.com.


- -dave

David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071

[email protected]
www.idefense.com


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »