l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 Nov 20 11:04

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] [Fwd: Linksys router vulnerability]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] [Fwd: Linksys router vulnerability]

People ask why I dont use my Wireless access point as my primary
firewall/filter for network access, and instead dedicate an interface on
the linux box (router) for wireless access only (public use) to the
wireless access point...

Here is a good reason:
(These kinds of things come out for many different vendor products and
from my experience, I see far fewer issues with the filtering system built
into Linux.)

Just an FYI for you Linux users who have open wireless access through one
of these devices.

(I use this, so I figured someone else might also use it with Linux too.)


-------- Original Message --------
Subject: Linksys router vulnerability
From: Seth Bromberger <sbbugtraq1102@yahoo.com>
Date: Mon, November 18, 2002 2:00 pm
To: bugtraq@securityfocus.com

Linksys products running affected firmware versions
are susceptible to a bug that allows unauthenticated
access to the management interface.  This bug affects
both local and remote management (if enabled).

AFFECTED PRODUCTS (per Linksys support):
  firmware versions from 1.41 through 1.43
  firmware versions from 1.42.7 through 1.43.

Users on the prote
cted ("local") network can gain
administrative access to the Linksys router and may
view/alter configuration data.  If remote management
is enabled, users on the unprotected ("wide-area")
network may gain similar access.

Note that for the BEFW11S4, the "local" network
includes all devices able to associate with the access

Linksys has released firmware version 1.43.3 that
resolves this issue on the tested equipment (BEFSR41).
 It is assumed that the problem is resolved with this
firmware version on all affected products.

It appears that the Linksys HTTP management interface
does not handle cases where the client sends specific
XML-related data during the initial content
negotiation ("XML related entries in the mailcap

Test setup included the following hardware/software:
- BEFSR41 firewall/router with firmware version 1.43
- lynx browser version 2.8.4rel.1 (17 Jul 2001)
- ~/.mailcap with the following line:

Using lynx with the above mailcap, connect to the
management interface (remote interface listens on port
8080 when enabled).  Affected versions will display
the setup screen without requiring the user to enter a
password.  (Note: mailcap is generally installed as
~/.mailcap).  Navigation to other screens is possible,
though some "accept" buttons might not render if the
browser used is unable to process javascript.

Linksys was notified of this bug on 11 November 2002.
The bug was confirmed on 12 November 2002.  A beta
firmware update was tested on 15 November 2002; the
new firmware (1.43.3, 11/15/2002) is now available on
the Linksys web site.

Andreas Bang and Jay Price at Linksys were
instrumental in determining the scope of this problem,
and provided prompt, detailed feedback.

Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.