RE: LinkSys WRT54G administration page available to WAN

From: Alan W. Rateliff, II (lists_at_rateliff.net)
Date: 06/01/04

    To: <bugtraq@securityfocus.com>
    Date: Mon, 31 May 2004 18:58:54 -0400
    
    

    > -----Original Message-----
    > From: Matthew Caron [mailto:matt@mattcaron.net]
    > Sent: Monday, May 31, 2004 5:19 PM
    > To: Alan W. Rateliff, II
    > Cc: bugtraq@securityfocus.com
    > Subject: Re: LinkSys WRT54G administration page availble to WAN
    >
    > Isn't that the Linksys product that runs Linux and all these folks have
    > been making custom firmware for? If so, can't one of those folks fix
    > this bug if Linksys is taking too long?

    Perhaps, but the points still remain that LinkSys is distributing a
    vulnerable product through all channels, retail stores are blowing this item
    out with rebates, and Joe Average User isn't going to upgrade to a custom
    Linux-based firmware because chances are he or she is not aware of it.

    Also, I have received a shit-storm of auto-replies from my original post.
    Hey, people, DON'T SUBSCRIBE TO A LIST USING AN ADDRESS WITH
    AUTO-RESPONDERS!!

    After wading through 30-or-so of these auto-responses, I found three valid
    emails. The general answer is that I had an open dialogue with LinkSys
    support (case #AEV-14523-534, which refers to #KNU-66355-624,) the problem
    was originally noted to them on 04/28/04, and because of my open dialogue
    with LinkSys support I did not send an email to any other address or
    department at LinkSys.

    In regards to the last part, I do now feel somewhat remiss for not having
    done so, however at the same time a proven security issue should be properly
    communicated from support to the appropriate department. That seems to not
    be the case, and assumption is the evil of all root.

    -- 
           Alan W. Rateliff, II        :       RATELIFF.NET
     Independent Technology Consultant :    alan2@rateliff.net
          (Office) 850/350-0260        :  (Mobile) 850/559-0100
    -------------------------------------------------------------
    [System Administration][IT Consulting][Computer Sales/Repair]
      
    
