Re: Denial of Service Problems with Linksys Products
From: J-Dog (J_Dog82@yahoo.com)
Date: 11/28/02
- Next message: Jay Blackwood: "Configuring a Linksys router/firewall for use with FTP"
- Previous message: Eric Chamberlain: "Re: Which hardware firewall should I use for web servers doing 100 Mbps"
- In reply to: David: "Re: Denial of Service Problems with Linksys Products"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: J_Dog82@yahoo.com (J-Dog) Date: 27 Nov 2002 17:52:34 -0800
"David" <davidwnh@adelphia.net> wrote in message news:<J%6F9.15707$kO5.2310599@news1.news.adelphia.net>...
> You shouldn't be affected with remote management disabled, but that is
> assuming that your particular router and firmware version do not have other
> vulnerabilities that would expose this.
>
> > is this affected even when Remote administration/updates are disabled?
> > > The BEFW11S4, BEFSR11, BEFSR41 and BEFSRU31 units can be crashed when
> > > several thousand characters are passed in the password field of the
> > > device's web management interface. Exploitation simply requires the
> > > use of a web browser that can send long Basic Authentication fields to
> > > the affected router's interface.
Also if you read the commentary from the bug alert, you'll also see
that the latest firmware for most of the units will resolve the
problems, and the ones taht aren't resolved at this time can be
resolved in the next rev of the firmware.
- Next message: Jay Blackwood: "Configuring a Linksys router/firewall for use with FTP"
- Previous message: Eric Chamberlain: "Re: Which hardware firewall should I use for web servers doing 100 Mbps"
- In reply to: David: "Re: Denial of Service Problems with Linksys Products"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
