Vulnerability In Linksys Cable/DSL Router
ispcay writes "Yahoo has published an article on a Linksys vulnerability. An easily exploitable software vulnerability in a common home networking router by Linksys Group could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense, a software security company." The article's kinda sparse on details, but does mention that the vulnerability is fixed in the latest firmware release. Upgrade 'em if ya got 'em!
some details on eweek (Score:5, Informative)
on eWeek also
remote management (Score:5, Informative)
Users would have to turn remote management on (Score:5, Informative)
--CTH
Find Relief Here (Score:5, Informative)
http://www.linksys.com/download/default.asp [linksys.com]
From what I see (Score:5, Informative)
Just my 2 cents.
BEFSR41 upgrade utility link location (Score:5, Informative)
not vulnerable by default (Score:2, Informative)
So for Aunt Tilly, there's no real danger unless the malicious person is on the network.
Anyone remember the Bud Ice commercials? "...I REPEAT! THAT CALL WAS PLACED FROM INSIDE THE HOUSE!!"
All router versions appear to use the same fmwr (Score:4, Informative)
The firmware updates can be had here:
http://www.linksys.com/download/firmware.asp
Re:Luckily for me... (Score:1, Informative)
*sigh* (Score:3, Informative)
"Normal" DoS is what this is - crashing the target. For example, an old flaw in Wu-FTPD allowed a core dump - crashing the daemon and creating a DoS to anyone who needs it. All it took was a malformed request during a session. One machine required, not many.
Re:Upgrade Firmware (Score:5, Informative)
While the attack will still work from inside the local network regardless of the state of the remote management function, it's really not a danger. The worst that someone could really do is DOS themselves, and wouldn't that be a shame...
Those Dumb Fucks (Score:2, Informative)
Well, guess what. When you fire a bunch of UDP packets at it, the NAT routing table overflows and the router crashes (it happens faster if you have your DMZ host address set to a nonexistent address on the network), only to reboot itself in a few minutes. This has been tested and proven, but Linksys' response to me is "it's your software firewall, sir, you shouldn't run both at the same time." What a bunch of ignorant assholes. I informed them of the routing table overflow bug, but they ignored me.
Now, this bug shouldn't really affect anybody cause you really shouldn't run remote admin on your router, but with their shoddy firmware, it doesn't surprise me in the bit!
There are problems with wireless, too (Score:5, Informative)
The following showed up on the NetStumbler [netstumbler.com] site yesterday:
Sending a broadcast packet to UDP port 27155 containing the string "gstsearch" causes the accesspoint to return wep keys, mac filter and admin password. This happens on the WLAN Side and on the LAN Side.
Systems Affected:
Vulnerable, tested, OEM Version from GlobalSunTech:
Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
In other news, JWZ's DNA Lounge [dnalounge.com] is having troubles [dnalounge.com] with their Linksys WAP11-based wireless link, which is their only connectivity right now.
(They lost their T1 due to XO's bankruptcy and above.net closing a facility. Another T1 is on the way, but it'll be a couple weeks...)
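For defenders, a way to spot the probe described in the advisory quoted above in captured traffic. This is an added example, not part of the original comment or the advisory; the packet bytes are constructed samples, and the function names are hypothetical. Only the port number and the string come from the quoted text.

```python
import struct

GST_PORT = 27155          # UDP port named in the quoted advisory
GST_MAGIC = b"gstsearch"  # probe string named in the quoted advisory

def parse_ipv4_udp(pkt: bytes):
    """Return (src, dst, sport, dport, payload), or None if pkt is not
    a well-formed, unfragmented IPv4/UDP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != 17:   # 17 = UDP
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:  # later fragment: no UDP header
        return None
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    if ulen < 8:
        return None
    return src, dst, sport, dport, pkt[ihl + 8:ihl + ulen]

def is_gstsearch_probe(pkt: bytes) -> bool:
    """True for UDP traffic to port 27155 carrying the probe string.
    The check deliberately does not depend on the destination address."""
    parsed = parse_ipv4_udp(pkt)
    if parsed is None:
        return False
    return parsed[3] == GST_PORT and GST_MAGIC in parsed[4]

def build_sample(src, dst, sport, dport, payload):
    """Constructed sample packet for the check below (checksums left zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return ip + udp

# Constructed samples: one probe, one look-alike on another port, one benign.
SAMPLES = [
    build_sample("192.168.1.50", "192.168.1.255", 40000, 27155, b"gstsearch"),
    build_sample("192.168.1.50", "192.168.1.255", 40000, 137, b"gstsearch"),
    build_sample("192.168.1.51", "192.168.1.255", 40001, 27155, b"hello"),
]

def flagged_sources(packets):
    """Source addresses of every packet that matches the probe signature."""
    return [parse_ipv4_udp(p)[0] for p in packets if is_gstsearch_probe(p)]
```

Any source that shows up in flagged_sources() on a LAN or WLAN segment is worth a look, since the quoted text says the access point answers on both sides.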
Re:And on top of that... (Score:5, Informative)
Having used both, I can tell you that they are not "exactly the same" as you put it.
The two models are very different.
For starters, the 8 port version is NOT a few inches wider. It's the exact same width and looks identical from the front except the light arrangement which is slightly different.
Secondly, it's a 4 port Switch AND a 4 port Hub, (4 switched ports, and 4 hub ports).
The 4 Switched ports have QoS options, and the 4 port hub can be given a priority of its own (higher or lower than the switched ports, I believe).
There are also a few other details in the 8 port version that are not present in the 4 port version so we can safely assume they are functionality that is not present in the 4 port model for obvious reasons (it doesn't need them.)
Re:Old News (proof) (Score:2, Informative)
Here [securepoint.com] is a mailing list archive or yet another redundant reference of this problem. It's almost a year old. Come on slashdotters, don't get sloppy in the deluge huh?
Mac OS Instructions (Score:5, Informative)
Re:Linksys (Score:2, Informative)
Another one to add to this list (Score:3, Informative)
I reported this to Linksys, they quickly gave me another firmware update, but other users reported the same thing.
http://arstechnica.infopop.net/OpenTopic/page?a
Re:Upgrade Firmware (Score:5, Informative)
Re:Those Dumb Fucks (Score:2, Informative)
During the early stages, we had more and more people telling us that they were having problems accessing the servers in Kaillera. The connection protocol happens to be UDP.
The problem was, I was fine, as were a number of others that use(d) the Linksys routers. Our suggestion was to upgrade the firmware or to just DMZ the router, which worked 90% of the time. For many people, that worked. Over the almost two years now, the problems w/the router have almost completely disappeared.
Re:Update without Windows client? (Score:5, Informative)
tftp address of router
tftp> mode binary
tftp> put code.bin
tftp> quit
After you're done, reset your password.
Obvious once someone else points it out.
The slapper.* worms can make this happen (Score:5, Informative)
If you've seen slapper in action, you know this is true. A host behind the router gets infected by the slapper.* worm, and first thing it does (after building itself a new home) is start probing subnets for others. It finds friends, they talk, and much traffic ensues.
The Linksys can stand maybe 6, maybe 10 hours of that much UDP traffic before it reboots. Since the traffic is still coming in when it comes back up, it runs about a 10% chance (guesstimate) of restarting successfully. It hangs otherwise. Power cycling restores functionality, and resets the inevitable cycle.
I don't think it's a fault of Linksys. They have a product aimed at a certain market; judging from its popularity it does quite well there. If you have special needs beyond the average SOHO user, you need either an SDK or another vendor.
-B
Another Reason Not To Worry (Score:2, Informative)
The third reason is that Block WAN Request is enabled by default. This is how these routers make themselves invisible to the web: they just drop the packets that come from outside. This can be combined with opening a specific port (forwarding), in which case the traffic on that port is directed to a SPECIFIC machine on the LAN.
The Lazy Way... (Score:3, Informative)
BTW, the last firmware upgrade on the "41" works great with WinXP UPnP. Fairly easy to set up safely (update Windows), and it lets me put my dad behind NAT and still fix his system remotely using XP Remote Assistance. It actually works, much to my amazement, and AFAIK, there are no serious vulnerabilities if it's done right.
Re:Upgrade Firmware (Score:5, Informative)
Re:1.42.7, 1.43 (Score:5, Informative)
It's just a firewall. It doesn't need mass storage, or at least nothing more than a few megs. It just needs to be reliable.
So. Just beg your friend for the throwaway 8- or 16-meg compactflash card that came with his camera, and plug it into one of these [peeweelinux.com].
Less power (can we say "fanless PSU"?), more speed, and superb reliability. With proper research, the adapter should be in the same price range as the 2.5" IDE adapter kit that you'd need for a laptop drive...
Save the hard drive for things that can benefit from the space.
Local Link for Router Owners (Score:2, Informative)
If you own this router and you own IE 5 or above, please visit this upgrade page [192.168.1.1], substituting the IP of your modem for 192.168.1.1 [Default].
Re:And the point is what? (Score:3, Informative)
I don't remember if it is turned on by default. Settings are saved through firmware upgrades and it has been a long time since I bought my router.