[原文]Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
Prestige is a product line of DSL routers produced and distributed by Zyxel.
When a Zyxel router receives fragmented packets that after reassembly is greater than 64 kilobytes in length, the router crashes. The router must be power cycled to resume normal operation. This could lead to a remote user denying service to a legitimate user of the router. The router is affected only by fragmented packets received through the DSL interface. Fragmented packets sent through the LAN interface have no affect on the system.
ping -t -l 65500 victim.example.com
ZyXEL Prestige Router Fragmented Packet Parsing Remote DoS
Remote / Network Access
Denial of Service
Loss of Availability
ZyXel Prestige 681 series DSL routers contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a fragmented packet with a length of greater than 64KB after reassembly, and will result in loss of availability for the device.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
Turn off routing and put device in bridging mode
This vulnerability was discovered by Przemyslaw Frasunek <email@example.com>, and announced via Bugtraq on December 14, 2001.
ZyXEL Prestige 681
ZyXEL Prestige 1600
A problem with Zyxel routers has been discovered that could lead to a remote denial of service attack. The problem is in the receipt of malformed packets.
When a Zyxel router receives malformed packets crafted with an IP length shorter than the actual size of the packet, the router becomes unstable and drops connectivity. This loss of connectivity can last up to three minutes. This could lead to a remote user denying service to a legitimate user of the router. The router is affected only by malformed packets received through the DSL interface. Malformed packets sent through the LAN interface have no affect on the system.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.