Re: Linksys WRT54G Denial of Service Vulnerability

• Previous message: Gregor Lawatscheck: "[Fwd: Security Alert; possible buffer overflow in all Mathopd versions]"
• Maybe in reply to: test_at_techcentric.net: "Linksys WRT54G Denial of Service Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Michael Renzmann <security@dylanic.de>
Date: Fri, 5 Dec 2003 16:47:41 +0200

Buffalo WBR-G54 (Firmware 1.30) is not vulnerable. It answers with "bad
request" and the http server continues working without problems.

---- clip ---
[stnz@starship stnz]# nc 192.168.11.1 80
GET
HTTP/1.0 400 Bad Request
Server: micro_httpd
Date: Tue, 01 Jan 2002 06:04:15 GMT
Content-Type: text/html
Connection: close

<HTML><HEAD><TITLE></TITLE><meta http-equiv="Pragma"
content="no-cache"></HEAD>
<BODY BGCOLOR="#FFFFFF">
Can't parse request.
---- clip ---

-
Ystävällisin terveisin/Best Regards
Turun Tietokeskus Oy/Eerik Kiskonen
Tekninen asiantuntija/Technical specialist
Satakunnantie 110, 20320 TURKU, Finland
Direct. +358-2-273 4244
Fax. +358-2-273 4220
E-mail: eerik.kiskonen@toptronics.fi
Web. http://www.turuntietokeskus.fi

Michael Renzmann <security@dylanic.de>
04.12.2003 06:33

 
        To: test@techcentric.net
        cc: bugtraq@securityfocus.com
        Subject: Re: Linksys WRT54G Denial of Service Vulnerability

Hi all.

test@techcentric.net wrote:
> Linksys WRT54G Denial of Service Vulnerability

There are some devices out there that are technically identical to the
WRT54G (for example the Buffalo WBR-G54). Can anyone confirm whether
they share this issue?

Bye, Mike

• Previous message: Gregor Lawatscheck: "[Fwd: Security Alert; possible buffer overflow in all Mathopd versions]"
• Maybe in reply to: test_at_techcentric.net: "Linksys WRT54G Denial of Service Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]