Linksys BEFSR41 DHCP Network Data Information Disclosure

2004-06-07T05:43:03
ID OSVDB:6741
Type osvdb
Reporter Lance Armstrong (mishlai@hotmail.com)
Modified 2004-06-07T05:43:03

Description

Vulnerability Description

The firmware of the Linksys BEFSR41 Cable/DSL Router contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the integrated DHCP server handles BOOTP packets: it discloses sensitive information, resulting in a loss of confidentiality.

Solution Description

Upgrade to firmware version 1.45.11 (Revision 1 and 2) and 1.05.00 (Revision 3) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.linksys.com/default.asp
Vendor Specific Advisory URL
Secunia Advisory ID: 11606
Packet Storm: http://packetstormsecurity.nl/0405-exploits/linksys-dhcp-exploit.c
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0083.html
ISS X-Force ID: 16142
CVE-2004-0580
Bugtraq ID: 10329