We found the same vulnerabilty and reported to the vender on 9 Aug 2002. Since the vender reported that this problem has been addressed, we have decided to release this advisory after confirming the fix. --- On 13 Nov 2002 19:39:12 -0000 Andrei Mikhailovsky <andrei@arhont.com> wrote: > > > Arhont Ltd. - Information Security > > Arhont Advisory by: Andrei Mikhailovsky > (www.arhont.com) > Advisory: Buffalo AP > AP Model Name: WLA-L11G Ver.2.31 > Wireless Firmware: WLI-PCM-L11G Ver.6.14 > Model Specific: Other versions of > Buffalo APs might be vulnerable > Manufacturer site: http://www.buffalotech.com > Manufacturer contact: info@buffalotech.com > Contact Date: 25/10/2002 --- -------------------------------------------------------------------------- SNS Advisory No.59 Buffalo Wireless LAN Access Point Denial of Service Vulnerability Problem first discovered: 9 Aug 2002 Published: 3 Dec 2002 http://www.lac.co.jp/security/english/snsadv_e/59_e.html -------------------------------------------------------------------------- Overview: --------- A vulnerability was found in WLAR-L11G-L, a wireless access point from MELCO Inc., that causes a denial of service condition. Although this vulnerabilty was reported by Bugtraq on Nov. 13, 2002, we contacted the technical support of MELCO Inc. regarding this issue on August 9th and were waiting for a response. Since MELCO Inc. reported that this problem has been addressed, we have decided to release this advisory after confirming the fix. Problem Description: -------------------- WLAR-L11G-L contains a web server which is used to administer the access point. WLAR-L11G-L reboots whenever the web server receives a specific HTTP request. For example, sending the following request by telnet client can reboot the access point. "GET / HTTP/1.0" By sending the request continuously, a remote attacker can cause a denial of service condition. The access point resumes normal operation when the attacker stops sending requests. Solution: --------- This problem can be eliminated by updating the firmware to Ver 1.41.180 beta3 or later. http://buffalo.melcoinc.co.jp/download/driver/lan/wlar-l11-l.html#2 Chronology of Events: --------------------- 9 Aug 2002 : We discovered the vulnerability 9 Aug 2002 : We reported the findings to MELCO Inc. 16 Aug 2002 : MELCO Inc. sent a reply 28 Oct 2002 : MELCO Inc. reported that this problem will be fixed late in November 26 Nov 2002 : MELCO Inc. reported that this problem has been fixed by the fix of another problem Discovered by: -------------- Atsushi Nishimura a.nisimr@lac.co.jp Disclaimer: ----------- All information in these advisories are subject to change without any advanced notices neither mutual consensus, and each of them is released as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences caused by applying those information. ------------------------------------------------------------------ SecureNet Service(SNS) Security Advisory <snsadv@lac.co.jp> Computer Security Laboratory, LAC http://www.lac.co.jp/security/
