On Wed, Dec 11, 2002 at 07:54:39AM -0800, Craig Dickson wrote:
| Josh Rehman wrote:
|
| > It's interesting, the advisory claims that this can be exploited even
| > when remote admin is disabled. I tried to break my own router with their
| > advice, but it didn't work. (Maybe a kind soul has already cracked my
| > router and updated my firmware for me? :-)
| >
| > Presumably you can reset the password with this:
| > http://192.168.1.1/Gozila.cgi?setPasswd=hola&RemoteManagement=1&.xml=1
| >
| > (replace the ip with the ip of your router's local interface) but this
| > didn't do nuttin for me...
| >
| > That's good news.
| >
| > I think.
|
| If that worked from the LAN side, it would be bad but not catastrophic.
| If that worked from the WAN side, it would be catastrophic.
|
| Of course, even from the LAN side, if someone can get into your system
| through a forwarded port (say, cracking your web or mail server, or
| getting into a shell via ssh), then it trivially becomes remotely
| exploitable.

They don't even need to do that. All that is needed is for you to
view a maliciously crafted HTML page. If you don't have JavaScript
enabled then you would need to click on a link or submit a form as
well.

I just found out about the vulnerability yesterday. My router is
Debian on a 486, but I know some places that use Linksys devices.

-D
--
Microsoft DNS service terminates abnormally when it receives a response
to a dns query that was never made.
Fix information: run your DNS service on a different platform.
-- bugtraq
http://dman.ddts.net/~dman/
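
Added example, not part of the original message and not Linksys code: a sketch of the server-side check that stops a browser on the LAN from being steered into the request quoted above just by viewing a page. The handler function, the header dictionary and the choice of which parameters count as state-changing are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names come from the URL quoted in the thread; treating them as
# the state-changing set is an assumption of this example.
STATE_CHANGING = {"setPasswd", "RemoteManagement"}


def same_host(header_value, host):
    """True if an Origin/Referer value names the device's own host[:port]."""
    if not header_value:
        return False
    return urlsplit(header_value).netloc.lower() == host.lower()


def allow_request(method, url, headers, body=""):
    """Decide whether a hypothetical admin handler should act on a request.

    Returns (allowed, reason). Parameters are read from the query string
    and from a form-encoded body.
    """
    parts = urlsplit(url)
    names = set(parse_qs(parts.query, keep_blank_values=True))
    names |= set(parse_qs(body, keep_blank_values=True))
    if not names & STATE_CHANGING:
        return True, "read-only"
    if method.upper() != "POST":
        # Image tags, links and script-driven navigation all issue GETs,
        # so a settings change must never be reachable that way.
        return False, "state change via " + method.upper()
    host = headers.get("Host", parts.netloc)
    source = headers.get("Origin") or headers.get("Referer")
    if not same_host(source, host):
        # A form auto-submitted from another site carries that site's origin.
        return False, "cross-site or missing Origin/Referer"
    return True, "same-origin POST"


# Constructed sample requests (the URL is the one quoted in the thread).
QUOTED = "http://192.168.1.1/Gozila.cgi?setPasswd=hola&RemoteManagement=1&.xml=1"
SAMPLES = [
    ("GET", QUOTED, {"Host": "192.168.1.1", "Referer": "http://example.test/p.html"}, ""),
    ("POST", "http://192.168.1.1/Gozila.cgi", {"Host": "192.168.1.1", "Origin": "http://example.test"}, "setPasswd=hola"),
    ("POST", "http://192.168.1.1/Gozila.cgi", {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}, "setPasswd=hola"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], "->", allow_request(*sample))
```

The origin check complements, and does not replace, requiring authentication and a per-session token on every settings change.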