Linksys Router Local DoS - Tripwire Privilege Escalation
Denial of Service Vulnerabilities in Linksys Routers
Alan McCaig of www.b0f.net reported two local denial of service vulnerabilities in the following models of Linksys routers:
Linksys BEFSR41
Linksys BEFSRU31
Linksys BEFSR11
Linksys BEFSX41
Linksys BEFSR81 v2/v3
Linksys BEFW11S4 v3
Linksys BEFW11S4 v4
The threat posed by these vulnerabilities is mitigated somewhat, as they are apparently only exploitable from the LAN side of the router. However, they will leave the device in a deadlocked state requiring a reset to factory defaults to return to working order. If the user has made significant modifications beyond these defaults this would likely be the source of much chagrin.
Currently, the only fix is to not randomly click on untrusted links.
Format String Vulnerability in Tripwire
Paul Herman <pherman@frenchfries.net> released information regarding the mishandling of filenames passed into email reports generated by Tripwire. Although the author states that no exploit currently exists, this information is especially concerning as Tripwire is generally used on machines the administrators would like to maintain a higher-than-normal level of security on. Vulnerable versions are:
Tripwire commercial versions <= 2.4
Tripwire open source versions <= 2.3.1
Paul also included a patch for the open source version of Tripwire:
Index: src/tripwire/pipedmailmessage.cpp
===================================================================
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- src/tripwire/pipedmailmessage.cpp 21 Jan 2001 00:46:48 -0000 1.1
+++ src/tripwire/pipedmailmessage.cpp 26 May 2004 20:59:15 -0000 1.2
@@ -180,7 +180,7 @@
void cPipedMailMessage::SendString( const TSTRING& s )
{
- if( _ftprintf( mpFile, s.c_str() ) < 0 )
+ if( _ftprintf( mpFile, "%s", s.c_str() ) < 0 )
{
TOSTRINGSTREAM estr;
estr << TSS_GetString( cTripwire,
tripwire::STR_ERR2_MAIL_MESSAGE_COMMAND )
Users are encouraged to patch or disable email alerting to maintain the integrity of their systems.
Cory Altheide
Handler on Duty
Alan McCaig of www.b0f.net reported two local denial of service vulnerabilities in the following models of Linksys routers:
Linksys BEFSR41
Linksys BEFSRU31
Linksys BEFSR11
Linksys BEFSX41
Linksys BEFSR81 v2/v3
Linksys BEFW11S4 v3
Linksys BEFW11S4 v4
The threat posed by these vulnerabilities is mitigated somewhat, as they are apparently only exploitable from the LAN side of the router. However, they will leave the device in a deadlocked state requiring a reset to factory defaults to return to working order. If the user has made significant modifications beyond these defaults this would likely be the source of much chagrin.
Currently, the only fix is to not randomly click on untrusted links.
Format String Vulnerability in Tripwire
Paul Herman <pherman@frenchfries.net> released information regarding the mishandling of filenames passed into email reports generated by Tripwire. Although the author states that no exploit currently exists, this information is especially concerning as Tripwire is generally used on machines the administrators would like to maintain a higher-than-normal level of security on. Vulnerable versions are:
Tripwire commercial versions <= 2.4
Tripwire open source versions <= 2.3.1
Paul also included a patch for the open source version of Tripwire:
Index: src/tripwire/pipedmailmessage.cpp
===================================================================
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- src/tripwire/pipedmailmessage.cpp 21 Jan 2001 00:46:48 -0000 1.1
+++ src/tripwire/pipedmailmessage.cpp 26 May 2004 20:59:15 -0000 1.2
@@ -180,7 +180,7 @@
void cPipedMailMessage::SendString( const TSTRING& s )
{
- if( _ftprintf( mpFile, s.c_str() ) < 0 )
+ if( _ftprintf( mpFile, "%s", s.c_str() ) < 0 )
{
TOSTRINGSTREAM estr;
estr << TSS_GetString( cTripwire,
tripwire::STR_ERR2_MAIL_MESSAGE_COMMAND )
Users are encouraged to patch or disable email alerting to maintain the integrity of their systems.
Cory Altheide
Handler on Duty
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments