Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
BID:16954
Info
Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
| Bugtraq ID: | 16954 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2006-1067 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 04 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | [email protected] discovered this issue. Both [email protected] and "Cade Cairns" <[email protected]> disclosed this issue. |
| Vulnerable: |
NetGear WGT624 0 NetGear RT314/RT311 Gateway Router Firmware 3.25 NetGear RT314/RT311 Gateway Router Firmware 3.24 NetGear RT314/RT311 Gateway Router Firmware 3.22 NetGear RT-338 NetGear ME102 1.4 NetGear ME102 1.3 NetGear FVS318v2 2.4 NetGear FVS318 2.4 NetGear FVS318 1.3 NetGear FVS318 1.2 NetGear FVS318 1.1 NetGear FVS318 1.0 NetGear FM114P NetGear DG834G NetGear DG834 ADSL Firewall Router Microsoft Publisher 2002 1.40 3f Linksys WRT54GS 4.70.6 (Firmware) Linksys WRT54GS 4.50.6 (Firmware) Linksys WRT54G v4.0 4.20.6 (Firmware) Linksys WRT54G v4.0 4.0.7 (Firmware) Linksys WRT54G v3.0 3.3.6 (Firmware) Linksys WRT54G v3.0 3.1.3 (Firmware) Linksys WRT54G v2.0 2.4.4 (Firmware) Linksys WRT54G v2.0 2.0 2.8 beta(Firmware) Linksys WRT54G v2.0 2.0 0.8 (Firmware) Linksys WPC300N - Wireless-N Notebook Adapter 4.100.15.5 Linksys WAP55AG 1.0.7 Linksys WAP11 2.2 Linksys WAP11 1.4 Linksys WAP11 1.3 Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.42.7 Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.40.3 Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.9 b Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 b Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 Linksys EtherFast BEFVP41 Router 1.39.64 Linksys EtherFast BEFVP41 Router Linksys EtherFast BEFSRU31 Router 1.44 Linksys EtherFast BEFSRU31 Router 1.43.3 Linksys EtherFast BEFSRU31 Router 1.43 Linksys EtherFast BEFSRU31 Router 1.42.7 Linksys EtherFast BEFSRU31 Router 1.42.3 Linksys EtherFast BEFSRU31 Router 1.41 Linksys EtherFast BEFSRU31 Router 1.40.2 Linksys EtherFast BEFSR81 Router 2.44 Linksys EtherFast BEFSR81 Router 2.42.7 Linksys EtherFast BEFSR81 Router Linksys EtherFast BEFSR41 Router 1.45.7 Linksys EtherFast BEFSR41 Router 1.44 Linksys EtherFast BEFSR41 Router 1.43.3 Linksys EtherFast BEFSR41 Router 1.43 Linksys EtherFast BEFSR41 Router 1.42.7 Linksys EtherFast BEFSR41 Router 1.42.3 Linksys EtherFast BEFSR41 Router 1.41 Linksys EtherFast BEFSR41 Router 1.40.2 Linksys EtherFast BEFSR41 Router 1.39 Linksys EtherFast BEFSR41 Router 1.38 Linksys EtherFast BEFSR41 Router 1.37 Linksys EtherFast BEFSR41 Router 1.36 Linksys EtherFast BEFSR41 Router 1.35 Linksys EtherFast BEFSR41 Router 1.0 5.00 Linksys EtherFast BEFSR11 Router 1.44 Linksys EtherFast BEFSR11 Router 1.43.3 Linksys EtherFast BEFSR11 Router 1.43 Linksys EtherFast BEFSR11 Router 1.42.7 Linksys EtherFast BEFSR11 Router 1.42.3 Linksys EtherFast BEFSR11 Router 1.41 Linksys EtherFast BEFSR11 Router 1.40.2 Linksys EtherFast BEFN2PS4 Router Linksys BEFW11S4 v4 Linksys BEFW11S4 v3 Linksys BEFW11S4 1.44 Linksys BEFW11S4 1.43.3 Linksys BEFW11S4 1.4.3 Linksys BEFW11S4 1.4.2 .7 Linksys BEFVP41 1.42.7 Linksys BEFVP41 1.40 .4 Linksys BEFVP41 1.40 .3f Linksys BEFSX41 1.45.3 Linksys BEFSX41 1.44.3 Linksys BEFSX41 1.44 Linksys BEFSX41 1.43.4 Linksys BEFSX41 1.43.3 Linksys BEFSX41 1.43 Linksys BEFSX41 1.42.7 Linksys BEFSR81 v3 Linksys BEFSR81 v2 Linksys BEFSR81 Linksys BEFSR41W Linksys BEFSR41 v3 Linksys BEFSR41 v2 Linksys BEFSR41 v1 Linksys BEFN2PS4 1.42.7 Linksys BEFCMU10 |
| Not Vulnerable: | |
Discussion
Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic.
This issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users.
Linksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed.
Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic.
This issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users.
Linksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed.
Exploit / POC
Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
An attacker likely utilizes a standard IRC client to exploit this issue.
An attacker likely utilizes a standard IRC client to exploit this issue.
Solution / Fix
Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
References:
References:
- Linksys Homepage (Linksys)
- Netgear Support Page (Netgear)
- WRT54G Product Page (Linksys)
- linksys router + irc DoS ("Cade Cairns"
) - Various router DoS ([email protected])