Re: 2Wire Broadband Router Session Hijacking Vulnerability

---

• From: Mike Duncan <Mike.Duncan@xxxxxxxx>
• Date: Mon, 23 Aug 2010 15:15:21 -0400

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Good to hear, but hard to see how this will really fix anything. Unlike
most modern application and devices, these routers do not update
firmware automatically or allow for the user to update them in any real
world scenario. Hell, most ISPs who use these are probably not even on
this list or pay attention to advisories primarily because they
lease/rent the modems/routers out to customers -- placing the
responsibility of updating on the user. Who -- in most cases -- even
touches the router/modem without support could be violating the ToS.

This should show the firmware/router manufactures the need for more real
world testing before deployment as well as allowing for patching via the
ISP or at least allow the user to update the firmware easily.

Thanks for all the hard work, YGN Ethical Hacker Group. Good job and
keep it up.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center

On 08/21/2010 12:30 PM, YGN Ethical Hacker Group wrote:

2wire support just replied that this has been fixed and new version
(6.x.x.x) has been released.

The advisory has been updated accordingly.

http://yehg.net/lab/pr0js/advisories/2wire/[2wire]_session_hijacking_vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxyyMYACgkQnvIkv6fg9hZ7QACffimUvg/qbTOO3h2Hkh4VvXFd
2fwAnRSWFwbJm4JNzfgI5CjjBTEG7Pat
=j+61
-----END PGP SIGNATURE-----

---

• References:
  • Re: 2Wire Broadband Router Session Hijacking Vulnerability
    • From: YGN Ethical Hacker Group

• Prev by Date: [security bulletin] HPSBGN02569 SSRT100200 rev.1 - HP MagCloud iPad App, Remote Unauthorized Access to Data
• Next by Date: TPTI-10-08: Novell iPrint Client Browser PluginGetDriverFile Uninitialized Pointer Remote Code Execution Vulnerability
• Previous by thread: Re: 2Wire Broadband Router Session Hijacking Vulnerability
• Next by thread: Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ADSL interface attenuation ... Zyxel routers can do time-based access rules. ... Getting a DSL ... until the firmware was changed. ... the IOS and is a free download. ... (comp.dcom.sys.cisco) Re: Why are Cisco routers so expensive? - oh, and fiber-optics. Why not? ... As do several other "domestic" routers, ... I suspect your right about the dodgy components, I think my one has dodgy ... locking up earlier this year, mostly when I tried to access the web interface, ... I noticed while examining the firmware, ... (uk.telecom.broadband) Re: ADSL interface attenuation ... I didn't know that Zyxel routers do have a "time range based ACL" ... informations I found on Cisco docs. ... My DSL firmware is 3.0.014; It's the release embedded with my IOS. ... (comp.dcom.sys.cisco) Re: Varying Noise Margin ... >>> My firmware is 3.01.25 ... ... >>> And why should it be better at the extension than at the MEP? ... >> Some of the Netgear routers do display such ... for some reason I loose the network for around 30seconds. ... (uk.telecom.broadband) Re: Tracking internet traffic over the wireless ... You might look into running a replacement firmware on one of the many ... DD-WRT is the most versatile and the newer ... DD-WRT.com has a long list of compatible routers that can be flashed ... (alt.internet.wireless)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2010-08