TUCoPS :: Network Appliances :: lsefdos.txt

LinkSys EtherFast Router Denial of Service Attack

DigitalPranksters Security Advisory
<http://www.DigitalPranksters.com>

LinkSys EtherFast Router Denial of Service Attack

Risk: Low

Product: Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 
1.44.3)

Product URL: <http://www.linksys.com/products/product.asp?prid=433>

Vendor Contacted: September 9, 2003

Vendor Released Patch: September 26, 2003

DigitalPranksters Public Advisory Released: October 7, 2003

Found By: KrazySnake - krazysnake@digitalpranksters.com <mailto:krazysnake@digitalpranksters.com>

Problem:
The Linksys BEFSX41 has web-based administration utility at a predictable 
default address (<http://192.168.1.1>). The administration is done through a 
series of html forms using the "get" method. The router also has an out of 
the box password of "admin".

Under the default configuration the router is only accessible from the 
local lan and not the internet. However, an attacker could set up a web 
page or send html email to someone inside of the lan to indirectly send 
commands to the router.

An attacker could specify a URL that results in denial of service. The 
denial of service occurs when long string is sent to the System Log 
Viewer's "Log_Page_Num" parameter. The router will be unresponsive after 
the URL is visited when logging is enabled.

Proof of Concept:
If an attacker can get the admin of the router to view a URL like 
<http://192.168.1.1/Group.cgi?Log_Page_Num=1111111111&LogClear=0>, the 
router will become inoperable. The link could be set as the source of an 
image html tag.

Resolution:
Linksys released an updated firmware to address this issue. This firmware 
update is made available by Linksys from 
<http://www.linksys.com/download/firmware.asp?fwid=172>.

Greetings:
SkippyInside, AngryB, Harmo, HTMLBCat, and Spyder.
Thanks to Linksys for fixing this issue.

Disclaimer:
Standard disclaimer applies. The opinions expressed in this advisory are 
our own and not of any company. The information within this advisory may 
change without notice. Use of this information constitutes acceptance for 
use in an AS IS condition. There are no warranties with regard to this 
information. In no event shall the author be liable for any damages 
whatsoever arising out of or in connection with the use or spread of this 
information. Any use of this information is at the user's own risk.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH