Linksys not fixed

"Will" <wreyor@attbi.com> · Mon, 25 Nov 2002 22:11:52 -0500

Nessus security scanner generated the following security report when
scanning the internal address of the linksys befsr11 firmware version
1.43.3, Nov 15 2002.

William Reyor
Topsight.net

NESSUS SECURITY SCAN REPORT

Created 25.11.2002  Sorted by vulnerabilities

Session Name : Session1
Start Time   : 25.11.2002 21:48:45
Finish Time  : 25.11.2002 22:03:17
Elapsed Time : 0 day(s) 00:14:31

Total security holes found : 4
             high severity : 4
              low severity : 0
             informational : 0

Scanned hosts:

Name                            High  Low   Info
------------------------------------------------
192.168.1.1                     4     0     0

Service: http (80/tcp)
Severity: High

It was possible to crash the remote modem by
telnetting to it on port 80 and by making
the following request :

    GET /login.htm?password=AA[...]AAA

To reactivate your modem, just reset it.

An attacker can use this to prevent your
network from connecting onto the internet.

Solution : change your ISDN modem.

Risk factor : High
CVE : CAN-1999-1533

Vulnerable hosts:
   192.168.1.1

--------------------------------------------------------------------------

Service: http (80/tcp)
Severity: High

There's a buffer overflow in the remote web server.

It is possible to overflow the remote web server and execute
commands as user SYSTEM.

See http://www.eeye.com/html/Research/Advisories/AD20010501.html
for more details.

Solution: See
http://www.microsoft.com/technet/security/bulletin/ms01-023.asp

Risk factor : High
CVE : CVE-2001-0241

Vulnerable hosts:
   192.168.1.1

--------------------------------------------------------------------------

Service: http (80/tcp)
Severity: High

It is possible to make the remote web server execute
arbitrary code by sending the following request :

 POST AA[...]AA/ HTTP/1.0

This problem may allow an attacker to execute arbitrary code on
the remote system or create a denial of service.

Solution : None at this time. Use another web server
Risk factor : High
CVE : CAN-2000-0626

Vulnerable hosts:
   192.168.1.1

--------------------------------------------------------------------------

Service: http (80/tcp)
Severity: High

It was possible to kill the web server by
sending an invalid request with a too long Cookie name or value

A cracker may exploit this vulnerability to make your web server
crash continually or even execute arbirtray code on your system.

Solution : upgrade your software or protect it with a filtering reverse
proxy
Risk factor : High

Vulnerable hosts:
   192.168.1.1