Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)

From: kim0 (kim0@phenoelit.de)
Date: 07/27/02 

Date: Sat, 27 Jul 2002 12:07:07 +0200
From: kim0 <kim0@phenoelit.de>
To: darklab@darklab.org, bugtraq@securityfocus.com, vuln-dev@securityfocus.com




-- 
            kim0   <kim0@phenoelit.de>
        Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 ++-+>

[ Authors ]
        FX <fx@phenoelit.de>
        FtR <ftr@phenoelit.de>

        Phenoelit Group (http://www.phenoelit.de)
        Advisory http://www.phenoelit.de/stuff/dp-300.txt

[ Affected Products ]
        D-Link
                        DP-300+

        D-Link Bug ID: Not assigned

[ Vendor communication ]
        07/07/02 Initial Notification
                        *Note-Initial notification by phenoelit
                        includes a cc to cert@cert.org by default
        07/19/02 Notification of intent to post public in apx.
                        7 days.

[ Overview ]
        The D-Link Ethernet/Fast Ethernet Print Server DP-300+
        provides network connectivity for printers.
        
[ Description ]
        By sending an oversized POST request to an existing web page such
        as /Config1.htm, the device web server dies. A process appears to be
        listening on the port but will no longer answer requests. Additionally,
        the print server reports an uptime of less then one minute after the
        attack, indicating that the software dies during this time.

[ Example ]
        See above

[ Solution ]
        None known at this time.

[ end of file ]