Vulnerability In Linksys Cable/DSL Router
ispcay writes "Yahoo has published an article on a Linksys vulnerability. An easily exploitable software vulnerability in a common home networking router by Linksys Group could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense, a software security company." The article's kinda sparse on details, but does mention that the vulnerability is fixed in the latest firmware release. Upgrade 'em if ya got 'em!
Check "Popular Linksys Router Vulnerable to Attack" on eWeek also.
According to the article, if you have remote management turned off, then people out on the internet can't use the exploit against you.
While I agree that the vast majority of home users will either lack the technical expertise or poise to flash the firmware, these are the people who will plug in the router and forget it, which means remote management won't be turned on so the attack won't be possible (unless the user opens up a telnet or SSH port for NAT pass-thru).
--CTH
--Got Lists? | Top 95 Star Wars Line
It looks like in order to cause the crash you have to have remote management enabled. Why on earth you would allow your router to be configured from outside on the internet boggles my mind. I would assume that this feature would be disabled by default, but then again who knows. I've owned a few cheap routers before and in order to use remote management you had to be connecting from an internal IP address, along with not coming through the WAN port.
Just my 2 cents.
Here is the location of the Linksys BEFSR41 firmware upgrade utility v1.43 released Sept 4, 2002. It's the newest one I could find.
http://www.linksys.com/download/default.asp
While this is true, it's really not that big of a deal. The article states that for this attack to work from outside your internal network the remote management functionality needs to be turned on. I own a Linksys router and know for a fact that this feature is not enabled by default. Chances are that those knowledgeable enough to require, and enable, remote management will be the same tiny percentage who will bother to update their firmware.
While the attack will still work from inside the local network regardless of the state of the remote management function, it's really not a danger. The worst that someone could really do is DoS themselves, and wouldn't that be a shame...
The following showed up on the NetStumbler site yesterday:
- GlobalSunTech develops Wireless Access Points for OEM customers like Linksys, D-Link and others. Capturing the traffic of a WISECOM GL2422AP-0T during the setup phase showed a security problem.
- Sending a broadcast packet to UDP port 27155 containing the string "gstsearch" causes the access point to return WEP keys, MAC filter and admin password. This happens on the WLAN side and on the LAN side.
- Systems Affected:
- Vulnerable, tested, OEM Version from GlobalSunTech:
- WISECOM GL2422AP-0T
- Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
- D-Link DWL-900AP+ B1 version 2.1 and 2.2
- ALLOY GL-2422AP-S
- EUSSO GL2422-AP
- LINKSYS WAP11 v2.2
(And I just got a WAP11, dammit.)
In other news, JWZ's DNA Lounge is having troubles with their Linksys WAP11-based wireless link, which is their only connectivity right now.
- "...the best sustained throughput they can handle is on the order of 64k."
Ouch. (They lost their T1 due to XO's bankruptcy and above.net closing a facility. Another T1 is on the way, but it'll be a couple weeks...)
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
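The gstsearch behaviour quoted above is something a defender can watch for on the LAN or WLAN segment rather than wait to discover after the fact. As an added example that is not from the NetStumbler post, the thread, or any vendor, here is a small Python filter that runs over constructed firewall-style log lines (the log layout, addresses and timestamps are all assumed for illustration) and flags UDP traffic to port 27155 whose payload carries the "gstsearch" marker, recording whether the destination was a broadcast address and which hosts sent it.

```python
import re
from typing import Dict, List, Optional

# Constructed sample log (not from the page). The assumed layout is:
#   "<date> <time> <proto> <src>:<sport> -> <dst>:<dport> len=<N> payload=<text>"
SAMPLE_LOG = """\
2002-11-21 10:05:13 UDP 192.168.1.37:4120 -> 192.168.1.255:27155 len=9 payload=gstsearch
2002-11-21 10:05:14 UDP 192.168.1.37:4120 -> 255.255.255.255:27155 len=9 payload=gstsearch
2002-11-21 10:05:20 UDP 192.168.1.12:137 -> 192.168.1.255:137 len=50 payload=NBNS-query
2002-11-21 10:06:02 TCP 192.168.1.40:33211 -> 192.168.1.1:80 len=0 payload=
2002-11-21 10:07:44 UDP 10.0.0.9:27155 -> 192.168.1.255:27155 len=9 payload=GSTSEARCH
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) len=(?P<len>\d+) payload=(?P<payload>.*)$"
)

# Port and marker string as quoted in the NetStumbler note on the page.
GST_PORT = 27155
GST_MARKER = "gstsearch"


def is_broadcast(addr: str) -> bool:
    """Limited broadcast, or a .255 host part (assumes /24 LANs like the sample)."""
    return addr == "255.255.255.255" or addr.endswith(".255")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_gstsearch_probes(log_text: str) -> List[Dict[str, object]]:
    """Flag UDP datagrams to port 27155 whose payload contains the gstsearch marker.

    The match is case-insensitive so a mixed-case variant is not missed; the
    'broadcast' flag tells the analyst whether the query went to the whole segment.
    """
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] != "UDP" or int(rec["dport"]) != GST_PORT:
            continue
        if GST_MARKER not in rec["payload"].lower():
            continue
        hit: Dict[str, object] = dict(rec)
        hit["broadcast"] = is_broadcast(rec["dst"])
        hits.append(hit)
    return hits


def probe_sources(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Count flagged datagrams per source address, for a quick triage list."""
    counts: Dict[str, int] = {}
    for h in hits:
        src = str(h["src"])
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_gstsearch_probes(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['src']} -> {h['dst']}:{h['dport']} broadcast={h['broadcast']}")
    print("per-source counts:", probe_sources(found))
```

Because the note says the query works from both the WLAN and the LAN side, the same filter is worth running on logs from both interfaces; any hit from an address you do not recognise is a reason to assume the WEP key and admin password have been disclosed and to rotate them once a fixed firmware is in place.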
Providing another 4 ports (one extra bit?) requires the firmware to be that different?
Having used both, I can tell you that they are not "exactly the same" as you put it.
The two models are very different.
For starters, the 8 port version is NOT a few inches wider. It's the exact same width and looks identical from the front except the light arrangement which is slightly different.
Secondly, it's a 4 port Switch AND a 4 port Hub, (4 switched ports, and 4 hub ports).
The 4 switched ports have QoS options, and the 4 port hub can be given a priority of its own (higher or lower than the switched ports, I believe).
There are also a few other details in the 8 port version that are not present in the 4 port version, so we can safely assume they are functionality that is not present in the 4 port model for obvious reasons (it doesn't need them).
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
LinkSys only offers a specialized Windows firmware upgrading tool. The router itself has a Java applet that is supposed to work, but didn't for me in Mozilla 1.2b or IE 5.2.2. A friend directed me here. It has instructions on how to upgrade the firmware in Mac OS 9/X using their specialized tool. It worked for me.
Did the same thing, and after digging through linksys's site, I found out there IS a way to correct it. (Check the docs; basically you just toss a new firmware up to it even if it doesn't respond. The router portion is separate from the switch, which seems to be able to flash it.)
tftp address of router
tftp> mode binary
tftp> put code.bin
tftp> quit
After you're done, reset your password.
Obvious once someone else points it out.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
If you've seen slapper in action, you know this is true. A host behind the router gets infected by the slapper.* worm, and first thing it does (after building itself a new home) is start probing subnets for others. It finds friends, they talk, and much traffic ensues.
The Linksys can stand maybe 6, maybe 10 hours of that much UDP traffic before it reboots. Since the traffic is still coming in when it comes back up, it runs about a 10% chance (guesstimate) of restarting successfully. It hangs otherwise. Power cycling restores functionality, and resets the inevitable cycle.
I don't think it's a fault of Linksys. They have a product aimed at a certain market; judging from its popularity it does quite well there. If you have special needs beyond the average SOHO user, you need either an SDK or another vendor.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Actually I just flashed mine and it kept all my settings. Port forwarding, IP address, subnet mask, all of it. I feel I should mention that I was unable to flash the firmware from linux. Mozilla simply didn't upload the file containing newer firmware (I have no clue why) and when I tried to use Konqueror it got about halfway through the update process when the router reported a "pattern error" in the binary file and aborted the upgrade. So I booted to Win2k and ran their little update program and it flashed it just fine. Although I did have to turn off the Proxomitron.
We're going to make information free Mr. Anderson, whether you like it, or not.
Why bother with a laptop disk?
It's just a firewall. It doesn't need mass storage, or at least nothing more than few megs. It just needs to be reliable.
So. Just beg your friend for the throwaway 8- or 16-meg compactflash card that came with his camera, and plug it into one of these.
Less power (can we say "fanless PSU"?), more speed, and superb reliability. With proper research, the adapter should be in the same price range as the 2.5" IDE adapter kit that you'd need for a laptop drive...
Save the hard drive for things that can benefit from the space.