D-Link Router DHCP LEASETIME DoS

2004-06-27T00:00:00
ID OSVDB:7294
Type osvdb
Reporter Gregory Duchemin(c3rb3r@sympatico.ca)
Modified 2004-06-27T00:00:00

Description

Vulnerability Description

AirPlus DI-614+ and DI624 Xtreme G routers contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a specially-crafted packet containing a negative integer for the DHCP LEASETIME option, and will result in loss of availability for the device.

Solution Description

Upgrade to firmware version 2.50 for Revision C or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

AirPlus DI-614+ and DI624 Xtreme G routers contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a specially-crafted packet containing a negative integer for the DHCP LEASETIME option, and will result in loss of availability for the device.

References:

Vendor URL: http://support.dlink.com/products/view.asp?productid=DI%2D614%2B Vendor URL: http://www.dlink.com/ Secunia Advisory ID:12018 Secunia Advisory ID:11961 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0440.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0029.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html ISS X-Force ID: 16539