J-Security Center

Title: D-Link DI-614+ IP Fragment Reassembly Denial of Service Vulnerability

Severity: HIGH

Description:

It has been reported that the implementation of the Internet Protocol (IP) in the firmware of the D-Link DI-614+ wireless router is vulnerable to a remotely exploitable denial of service condition. The vulnerability is related to the reassembly of fragmented IP packets and can be triggered by transmission of fragments with malicious size parameters to an affected device.

Exploit code written for similar, older vulnerabilities already exists and can be used to successfully trigger this vulnerability. That code is for an attack known as "nestea", which affected several implementations of IP, including the Linux kernel. The vulnerability in many of those implementations was due to an error in calculating the total amount of buffer space required for a reassembled packet. When malicious fragments were sent to hosts affected by that vulnerability, the reassembled packet would incorrectly overwrite kernel memory outside of the allocated buffer. It is highly likely that the firmware of this device is vulnerable to a very similar condition.

When the vulnerability is exploited, the device reboots instantly. This results in a denial of service until the device has restarted. Repeated attacks may result in a prolonged denial of service.

Affected Products:

  • D-Link DI-614+ 2.0.0
