On Wed, Dec 11, 2002 at 07:54:39AM -0800, Craig Dickson wrote:
| Josh Rehman wrote:
|
| > It's interesting, the advisory claims that this can be exploited even
| > when remote admin is disabled. I tried to break my own router with their
| > advice, but it didn't work. (Maybe a kind soul has already cracked my
| > router and updated my firmware for me? :-)
| >
| > Presumably you can reset the password with this:
| > http://192.168.1.1/Gozila.cgi?setPasswd=hola&RemoteManagement=1&.xml=1
| >
| > (replace the ip with the ip of your router's local interface) but this
| > didn't do nuttin for me...
| >
| > That's good news.
| >
| > I think.
|
| If that worked from the LAN side, it would be bad but not catastrophic.
| If that worked from the WAN side, it would be catastrophic.
|
| Of course, even from the LAN side, if someone can get into your system
| through a forwarded port (say, cracking your web or mail server, or
| getting into a shell via ssh), then it trivially becomes remotely
| exploitable.

They don't even need to do that. All that is needed is for you to view a
maliciously crafted HTML page. If you don't have javascript enabled then
you would need to click on a link or submit a form as well.

I just found out about the vulnerability yesterday. My router is debian
on a 486, but I know some places that use Linksys devices.

-D

--
Microsoft DNS service terminates abnormally when it receives a response
to a dns query that was never made. Fix information: run your DNS
service on a different platform.
    -- bugtraq

http://dman.ddts.net/~dman/
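The reply above notes that merely viewing a page can make the browser send a request to the router's LAN address. As an added example that is not part of the original thread, the following Python scan checks HTML for URLs that target private IP literals and separates those the browser fetches on its own from those that need a click or form submit. The function names and the sample HTML are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that carry a URL, and tags the browser fetches without a click.
URL_ATTRS = {"src", "href", "action"}
AUTO_TAGS = {"img", "iframe", "frame", "script", "link", "embed"}

def is_lan_target(url):
    """True if the URL's host is a literal private, loopback or link-local IP."""
    try:
        host = urlsplit(url).hostname
        ip = ipaddress.ip_address(host or "")
    except ValueError:
        return False  # DNS name, relative URL or malformed: not an IP literal
    return ip.is_private or ip.is_loopback or ip.is_link_local

class LanRequestFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, "auto" | "click", url) in document order

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and is_lan_target(value):
                trigger = "auto" if tag in AUTO_TAGS else "click"
                self.findings.append((tag, trigger, value))

def find_lan_requests(html):
    finder = LanRequestFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: the anchor reuses the URL quoted in the thread,
# the 10.0.0.1 path is a made-up placeholder.
SAMPLE = """
<img src="http://example.com/logo.png">
<a href="http://192.168.1.1/Gozila.cgi?setPasswd=hola&amp;RemoteManagement=1&amp;.xml=1">x</a>
<img src="http://10.0.0.1/constructed-path">
<form action="/search"></form>
"""

if __name__ == "__main__":
    for tag, trigger, url in find_lan_requests(SAMPLE):
        print(f"{trigger:5} <{tag}> {url}")
```

The scan only sees IP literals in static markup; requests built by script, or DNS names that resolve to private addresses, need a check at the proxy or resolver instead.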