[luau] iDEFENSE: 11.19.02a - Denial of Service Vulnerability in Linksys Cable/DSL Routers
Kevin Goad
kevg at hawaii.rr.com
Tue Nov 26 07:53:01 PST 2002
Beware, I know some of you are using one of these.
The BEFW11S4, BEFSR11, BEFSR41 and BEFSRU31 can be crashed when several
thousand characters are passed in the password field of the device's web
management interface. Exploitation simply requires the use of a web
browser that can send long Basic Authentication fields to the affected
router's interface.
V. WORKAROUND
Disable the remote web management interface on the affected router.
VI. RECOVERY
Cycling power through the affected device should restore normal
functionality; pressing the "Reset" button on the router is
insufficient.
VII. VENDOR FIX
Linksys firmware 1.43.3, which is available at
http://www.linksys.com/download/, fixes the problem on all the
affected devices.
Full details here: http://www.idefense.com/advisory/11.19.02a.txt
More information about the LUAU
mailing list