DOS: LinkSys Cable/DSL Router Gozila sysPasswd Parameter DoS
This signature detects attempts to exploit a known vulnerability in a LinkSys Cable/DSL router. Attackers can submit an overly long sysPasswd parameter within a malicious HTTP request to crash a LinkSys Cable/DSL router.
Extended Description
Multiple Linksys routers are reported vulnerable to a denial of service condition. The issues arise from insufficient sanitization of parameters that are passed to the Gozila.CGI script. A remote attacker may exploit these conditions to deny service to an affected appliance. It is reported that the device must be reset to the original factory defaults in order to restore normal device functionality.
Affected Products
Linksys befsx41
References
BugTraq: 10453
URL: http://www.securityfocus.com/archive/1/365039
URL: http://www.linksys.com/
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Linksys