[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Deutsche Telekom CERT Advisory [DTC-A-20170323-001]
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Deutsche Telekom CERT Advisory [DTC-A-20170323-001]
- From: cert@xxxxxxxxxx
- Date: Tue, 16 Jul 2019 06:39:36 GMT
Deutsche Telekom CERT Advisory [DTC-A-20170323-001]
Summary:
Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box
7490)
Recommendation:
Update to the newest Version of FRITZ!OS
Details:
a) application
b) problem
c) CVSS
d) detailed description
e) credits
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
a) FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)
b) Memory leakage within the PPPoE/PPP padding
c) 4.7 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/RL:U
d)
Multiple DSL access router (aka Homegateway / CPE) handle PPPoE frame padding
incorrectly.
Instead of padding frames with zeroes, frames are padded with random memory,
allowing an attacker (with physical access to wire between PPPoE endpoints) to
view slices of previously transmitted packets or portions of kernel memory.
This seems to be similar to
http://www.securiteam.com/securitynews/5BP01208UO.html.
AVM DSL Router Fritz!Box 7490 (tested with FRITZ!OS 6.83 & 6.80) sends portion
of memory within PPPoE Discovery protocol PADT frames because arbitrary memory
is used in the padding to reach the minimum Ethernet frame length.
Further research shows that ?short? PPP LCP frames are also padded with random
memory.
e) Christian Kagerhuber