SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Device (Printer)  >  D-Link Print Server Vendors:  D-Link Systems, Inc.
D-Link DP-300+ Print Server Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1004868
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 28 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Advisory:  Phenoelit Group
Description:  A vulnerability was reported in the D-Link DP-300+ Print Server. A remote user can cause the print server to crash.

Phenoelit reported that a remote user can send a large POST request to a web page on the server's web-based management interface to cause the server to crash.

The vendor has reportedly been notified.
Impact:  A remote user can cause the print server to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.dlink.com/ (Links to External Site)
Cause:  Exception handling error
Reported By:  kim0 <kim0@phenoelit.de>
Message History:   None.

 Source Message Contents
Date:  Sat, 27 Jul 2002 12:07:07 +0200
From:  kim0 <kim0@phenoelit.de>
Subject:  Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)

 

--------------070304040707010103040102
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


-- 
            kim0   <kim0@phenoelit.de>
        Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

--------------070304040707010103040102
Content-Type: text/plain;
 name="dp-300.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="dp-300.txt"


Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 ++-+>

[ Authors ]
	FX		<fx@phenoelit.de>
        FtR             <ftr@phenoelit.de>

	Phenoelit Group	(http://www.phenoelit.de)
	Advisory	http://www.phenoelit.de/stuff/dp-300.txt

[ Affected Products ]
        D-Link
			DP-300+

        D-Link Bug ID:	Not assigned

[ Vendor communication ]
        07/07/02        Initial Notification
                        *Note-Initial notification by phenoelit
                        includes a cc to cert@cert.org by default
        07/19/02        Notification of intent to post public in apx.
                        7 days.


[ Overview ]
        The D-Link Ethernet/Fast Ethernet Print Server DP-300+
        provides network connectivity for printers.
 
[ Description ]
        By sending an oversized POST request to an existing web page such 
	as /Config1.htm, the device web server dies.  A process appears to be 
	listening on the port but will no longer answer requests.  Additionally, 
	the print server reports an uptime of less then one minute after the 
	attack, indicating that the software dies during this time.

[ Example ]
        See above

[ Solution ]
	None known at this time. 

[ end of file ]




--------------070304040707010103040102--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC