[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]
- To: "Jonathan A. Zdziarski" <jonathan@nuclearelephant.com>
- Subject: Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]
- From: Tim <tim-security@sentinelchicken.org>
- Date: Thu, 4 Dec 2003 00:19:44 -0800
If you have one of these pieces of hardware, and you are worried about
the holes in it, why not just patch/replace the binaries yourself:
http://www.batbox.org/wrt54g-linux.html
It took a while for Linksys to release their GPL-ed source, but they
finally gave in to the community (and copyright law). Now there is a
distro for it and the product has a good deal more utility.
tim
On Thu, Dec 04, 2003 at 01:41:54AM -0500, Jonathan A. Zdziarski wrote:
> In a lot of cases, this would only be exploitable internally, since many
> configurations are set up not to allow access to the unit externally.
> But in any case, there are a lot of other ways to DoS these little
> residential boxes. Running macof (part of the dsniff package) will
> effectively shut down all traffic on the network. I'm sure arpspoof
> without forwarding would do the same thing. I'm surprised these things
> don't support something as basic as SSL for authentication (at least the
> model I've got doesn't)
>
> On Wed, 2003-12-03 at 23:42, Michael Renzmann wrote:
> > Can anyone confirm if technically identical devices such as the Buffalo
> > WBR-G54 share this vulnerability?
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html