[Fwd: Linksys router vulnerability]

ME dugan at passwall.com
Wed Nov 20 09:33:52 PST 2002


People ask why I dont use my Wireless access point as my primary
firewall/filter for network access, and instead dedicate an interface on
the linux box (router) for wireless access only (public use) to the
wireless access point...

Here is a good reason:
(These kinds of things come out for many different vendor products and
from my experience, I see far fewer issues with the filtering system built
into Linux.)

Just an FYI for you Linux users who have open wireless access through one
of these devices.

(I use this, so I figured someone else might also use it with Linux too.)

-ME

-------- Original Message --------
Subject: Linksys router vulnerability
From: Seth Bromberger <sbbugtraq1102 at yahoo.com>
Date: Mon, November 18, 2002 2:00 pm
To: bugtraq at securityfocus.com

SUMMARY:
Linksys products running affected firmware versions
are susceptible to a bug that allows unauthenticated
access to the management interface.  This bug affects
both local and remote management (if enabled).

AFFECTED PRODUCTS (per Linksys support):
BEFSR41, BEFSR11, BEFSRU31:
  firmware versions from 1.41 through 1.43
BEFW11S4:
  firmware versions from 1.42.7 through 1.43.

IMPACT:
Users on the prote
cted ("local") network can gain
administrative access to the Linksys router and may
view/alter configuration data.  If remote management
is enabled, users on the unprotected ("wide-area")
network may gain similar access.

Note that for the BEFW11S4, the "local" network
includes all devices able to associate with the access
point.

RESOLUTION:
Linksys has released firmware version 1.43.3 that
resolves this issue on the tested equipment (BEFSR41).
 It is assumed that the problem is resolved with this
firmware version on all affected products.

DETAIL:
It appears that the Linksys HTTP management interface
does not handle cases where the client sends specific
XML-related data during the initial content
negotiation ("XML related entries in the mailcap
file").

VERIFICATION/TEST SETUP:
Test setup included the following hardware/software:
- BEFSR41 firewall/router with firmware version 1.43
- lynx browser version 2.8.4rel.1 (17 Jul 2001)
- ~/.mailcap with the following line:
application/foo.xml;

Using lynx with the above mailcap, connect to the
management interface (remote interface listens on port
8080 when enabled).  Affected versions will display
the setup screen without requiring the user to enter a
password.  (Note: mailcap is generally installed as
~/.mailcap).  Navigation to other screens is possible,
though some "accept" buttons might not render if the
browser used is unable to process javascript.

TIMELINE:
Linksys was notified of this bug on 11 November 2002.
The bug was confirmed on 12 November 2002.  A beta
firmware update was tested on 15 November 2002; the
new firmware (1.43.3, 11/15/2002) is now available on
the Linksys web site.

THANKS:
Andreas Bang and Jay Price at Linksys were
instrumental in determining the scope of this problem,
and provided prompt, detailed feedback.



__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com





More information about the talk mailing list