linksys wrt54g v5 authentication bypass fixed

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: linksys wrt54g v5 authentication bypass fixed
From: "Ginsu Rabbit" <ginsurabbit@xxxxxxxxxxx>
Date: Sat, 18 Nov 2006 00:42:03 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

About the authentication bypass vulnerability in certain linksys routers:

http://www.securityfocus.com/archive/1/442452/30/0/threaded

Linksys has silently patched the authentication bypass vulnerability. Thereis still no fix for the CSRF vulnerability.


The fixed firmware revision is 1.00.10.

Note that WRT54G v4 and earlier linksys routers are based on differenthardware and different firmware than the v5 and later routers. If you havea v4 or earlier router, this vulnerability doesn't affect you. If you havev5 or later, it's time to patch.


--
GR

_________________________________________________________________

Get the latest Windows Live Messenger 8.1 Beta version. Join now.http://ideas.live.com

Prev by Date: [Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite
Next by Date: A-Cart 2.0 SQL Injection
Previous by thread: [Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite
Next by thread: A-Cart 2.0 SQL Injection
Index(es):
- Date
- Thread