Linksys Router Exploit Fix

Omega65Omega65 Philadelphia, Pa
edited June 2004 in Science & Tech
The Linksys Router Remote Sniffing Exploit vulnerability that The Inq reported on has been fixed. Follow the Link for the story and links to Updates
Original Story: Linksys routers may be open to remote sniffing

FOLKS AT security portal SecuriTeam published on May 17 an exploit that could allow hackers and other nasty people to remotely sniff traffic passing through the router, and also crash the device.

The article says it all comes down to a "memory leak", causing a flaw in the way the Linksys routers' DHCP server returns BOOTP protocol packets. This exploit is currently listed at position #3 in the SecuriTeam.com front page, so expect lots of script kiddies to be playing with it as we write (and you read) this.

The site says: "Instead of returning legitimate BOOTP responses, (the linksys units) return BOOTP responses with the BOOTP fields filled in with portions of memory. This allows you to do cool things like the equivalent of sniffing all the traffic to/from the device". It continues: "I have successfully used this technique to steal the admin username and password from an innocent third party who recently configured the device, and I watched someone's traffic as they browsed ebay for a new Ti-Book".
Whew! Patches applied!

Source: The Inquirer

Comments

  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited June 2004
    I couldn't get it to work. :confused:

    I tried the utility and the method within the router software. Could it be that it's because I don't have version 3 of the hardware?
  • Omega65Omega65 Philadelphia, Pa
    edited June 2004
    Check Your router to see which version you have. I have Both a v1 & a v3. The V3 you can import the update v1.05.00_code.bin from within the router itself. Under the Administration page, It has an Firmware Upgrade selection.

    For the v1 router run the setup wizard
    from the instructions

    The following option is available.

    Server- Enter the IP Address of the BEFSR41 that you assigned. By default, the router is 192.168.1.1 as shown above.

    Password- Enter the password you assigned the router. By default, the router’s password is “admin”.

    File- Click the triple “…” button to browse for the .bin file that was part of the extracted file you downloaded. In the example, the code.bin was extracted on the Windows desktop.

    Click Upgrade button to start upgrading. A progress bar should show up to show the progress.

    Both Zips include the instruction.doc, Setup wizard and the appropriate *.bin file Link to post with files (the zip files don't show up on S-M.com)
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited June 2004
    Thanks, Omega - got it now. :clap:

    It's nice to feel a little safer, I certainly rely on my router as the first line of defense.
Sign In or Register to comment.