[luau] iDEFENSE: 11.19.02a - Denial of Service Vulnerability in Linksys Cable/DSL Routers

Kevin Goad kevg at hawaii.rr.com
Tue Nov 26 07:53:01 PST 2002


Beware,  I know some of you are using one of these. 

The BEFW11S4, BEFSR11, BEFSR41 and BEFSRU31 can be crashed when several
thousand characters are passed in the password field of the device's web
management interface. Exploitation simply requires the use of a web
browser that can send long Basic Authentication fields to the affected
router's interface.

V. WORKAROUND

Disable the remote web management interface on the affected router. 

VI. RECOVERY

Cycling power through the affected device should restore normal 
functionality; pressing the "Reset" button on the router is
insufficient.

VII. VENDOR FIX

Linksys firmware 1.43.3, which is available at 
http://www.linksys.com/download/, fixes the problem on all the  
affected devices.


Full details here: http://www.idefense.com/advisory/11.19.02a.txt




More information about the LUAU mailing list