Lucent Access Point Routers Can Be Crashed By Remote Users Sending a Large HTTP GET Request to the Web Management Interface
|
|
SecurityTracker Alert ID: 1004867 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 28 2002
|
Impact: Denial of service via network
|
Exploit Included: Yes
|
Advisory: Phenoelit Group
|
Description: A vulnerability was reported in the Lucent (Xedia) Access Point router series. A remote user can cause the router to reboot.
Pheonelit Group reported that a remote user can send HTTP GET request with approximately 4000 characters in the URI to the router's
web server to cause the router to reboot.
A demonstration exploit is provided:
linux# wget `perl -e 'print "http://router_ip/";
print "A"x4000; print "/";`
The vendor has reportedly been notified.
|
Impact: A remote user can cause the router to crash.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.lucent.com/products/subcategory/0,,CTID+2017-STID+10472-LOCL+1,00.html (Links to External Site)
|
Cause: Boundary error, Exception handling error
|
Reported By: kim0 <kim0@phenoelit.de>
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 27 Jul 2002 12:10:43 +0200
From: kim0 <kim0@phenoelit.de>
Subject: Phenoelit Advisory 0815 ++ // Xedia
|
--------------080005020902060008080005
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
--
kim0 <kim0@phenoelit.de>
Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0 FBEF 2D72 33C0 77FC CD42
--------------080005020902060008080005
Content-Type: text/plain;
name="Lucent_Xedia.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="Lucent_Xedia.txt"
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +++>
[ Authors ]
FX <fx@phenoelit.de>
kim0 <kim0@phenoelit.de>
Phenoelit Group (http://www.phenoelit.de)
Advisory http://www.phenoelit.de/stuff/Lucent_Xedia.txt
[ Affected Products ]
Lucent
Access Point IP Services Router
(Formerly known as Xedia Router)
Lucent Bug ID: Not assigned
CERT Vulnerability ID: 682275
[ Vendor communication ]
06/28/02 Reply to inquiry regarding "who to notify"
06/29/02 Initial Notification, Xedia team
*Note-Initital notification by phenoelit
includes a cc to cert@cert.org by default
07/01/02 Human confirmation form Lucent of receipt
07/01/02 Human confirmation from CERT and correspondence
from CERT
07/06/02 Weekly follow-up by central POC at
Lucent (Right on Time)
07/08/02 Follow Up
07/19/02 Notification of intent to post publically
in apx. 7 days.
[ Overview ]
The Lucent Access Point Router is a mid-range Access Level Router
that supports a wide range of cool features such as CBQ (QoS stuff).
[ Description ]
The Lucent Access Point has a web server providing a colorful
interface to use for configuration. This interface is apparently
for those people who don't like the extremley powerful
command-line. When sending an HTTP GET request with approximately
4000 characters in the URI to the server, the Access Point reboots.
[ Example ]
linux# wget `perl -e 'print "http://router_ip/"; print "A"x4000; print "/"
;`
router# [b00m]
[ Solution ]
None known at this time.
[ end of file ]
--------------080005020902060008080005--
|
|
