
Re: FYI: Linksys router vulnerability



On Wed, Dec 11, 2002 at 07:54:39AM -0800, Craig Dickson wrote:
| Josh Rehman wrote:
| 
| > It's interesting, the advisory claims that this can be exploited even
| > when remote admin is disabled. I tried to break my own router with their
| > advice, but it didn't work. (Maybe a kind soul has already cracked my
| > router and updated my firmware for me? :-)
| > 
| > Presumably you can reset the password with this:
| > http://192.168.1.1/Gozila.cgi?setPasswd=hola&RemoteManagement=1&.xml=1
| > 
| > (replace the ip with the ip of your router's local interface) but this
| > didn't do nuttin for me...
| > 
| > That's good news. 
| > 
| > I think.
| 
| If that worked from the LAN side, it would be bad but not catastrophic.
| If that worked from the WAN side, it would be catastrophic.
| 
| Of course, even from the LAN side, if someone can get into your system
| through a forwarded port (say, cracking your web or mail server, or
| getting into a shell via ssh), then it trivially becomes remotely
| exploitable.

They don't even need to do that.  All that is needed is for you to
view a maliciously crafted HTML page.  If you don't have JavaScript
enabled then you would need to click on a link or submit a form as
well.

I just found out about the vulnerability yesterday.  My router is
Debian on a 486, but I know some places that use Linksys devices.

-D

-- 
Microsoft DNS service terminates abnormally when it receives a response
to a dns query that was never made.
Fix information: run your DNS service on a different platform.
                                                            -- bugtraq
 
http://dman.ddts.net/~dman/
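
The reply above points out that a viewed HTML page can make the browser send a request to the router's LAN-side address, either on load or after one click. As an added example (not part of the original message), this scanner flags HTML that references literal private or loopback IP addresses and labels which of those two cases applies; the function names, tag lists and sample page are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs a browser fetches on page load, and pairs that
# need one user action (the "click on a link or submit a form" case).
AUTO_LOAD = {("img", "src"), ("iframe", "src"), ("script", "src"), ("link", "href")}
USER_ACTION = {("a", "href"), ("form", "action")}


def is_private_target(url):
    """True if the URL host is a literal private (RFC 1918) or loopback IP."""
    host = urlsplit(url).hostname
    if not host:
        return False  # relative URL, stays on the serving site
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname; this check does not resolve DNS
    return addr.is_private or addr.is_loopback


class LanRequestFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (trigger, tag, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value or not is_private_target(value):
                continue
            if (tag, name) in AUTO_LOAD:
                self.findings.append(("on-load", tag, value))
            elif (tag, name) in USER_ACTION:
                self.findings.append(("on-click", tag, value))


def find_lan_requests(html):
    """Return every reference in the page that targets a LAN address."""
    finder = LanRequestFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample page; example.cgi is a placeholder path.
SAMPLE = """<img src="http://192.168.1.1/example.cgi?setting=1">
<a href="http://192.168.1.1/example.cgi?setting=1">click</a>
<img src="http://example.com/logo.png">"""
```

Run over proxy-cached pages or mail attachments, a non-empty result from `find_lan_requests` marks content worth reviewing; hostnames that resolve to private addresses are outside what this check covers.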
