CVE-2002-1236
CVSS 5.0
Published: 2002-11-12 00:00:00
Last revised: 2016-10-17 22:25:06

[Original] The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.


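[CNNVD] Linksys BEFSR41 EtherFast Cable/DSL Router remote denial-of-service vulnerability (CNNVD-200211-014)

Linksys EtherFast Cable/DSL routers are small four-port routers designed to optimize the use of DSL or cable connections.
The web interface included in the BEFSR41 has a flaw in how Gozila.cgi handles requests, which a remote attacker can exploit to cause a denial of service.
The BEFSR41's web interface is used for management and configuration and includes the Gozila.cgi script. If Gozila.cgi is requested without any parameters, the BEFSR41 crashes and stops responding to normal requests.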

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/h:linksys:befsr41:1.40.2 (Linksys EtherFast BEFSR41 Router 1.40.2)
cpe:/h:linksys:befsr41:1.41 (Linksys EtherFast BEFSR41 Router 1.41)
cpe:/h:linksys:befsr41:1.42.3 (Linksys EtherFast BEFSR41 Router 1.42.3)
cpe:/h:linksys:befsr41:1.42.7 (Linksys BEFSR41 1.42.7)

- OVAL (technical details for detection)

No related OVAL definitions found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1236
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1236
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-014
(Official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html
(UNKNOWN)  VULNWATCH  20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
http://marc.info/?l=bugtraq&m=103616324103171&w=2
(UNKNOWN)  BUGTRAQ  20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
http://www.idefense.com/advisory/10.31.02a.txt
(VENDOR_ADVISORY)  MISC  http://www.idefense.com/advisory/10.31.02a.txt
http://www.iss.net/security_center/static/10514.php
(VENDOR_ADVISORY)  XF  linksys-etherfast-gozila-dos(10514)
http://www.securityfocus.com/bid/6086
(UNKNOWN)  BID  6086

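- Vulnerability information

Linksys BEFSR41 EtherFast Cable/DSL Router remote denial-of-service vulnerability
Medium risk, Other
2002-11-12 00:00:00 2005-05-13 00:00:00
Remote

Linksys EtherFast Cable/DSL routers are small four-port routers designed to optimize the use of DSL or cable connections.
The web interface included in the BEFSR41 has a flaw in how Gozila.cgi handles requests, which a remote attacker can exploit to cause a denial of service.
The BEFSR41's web interface is used for management and configuration and includes the Gozila.cgi script. If Gozila.cgi is requested without any parameters, the BEFSR41 crashes and stops responding to normal requests.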

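- Advisories and patches

Temporary workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
* Temporarily disable the remote web management interface.
Vendor patch:
Linksys
-------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:
Linksys Upgrade Firmware 1.43

http://www.linksys.com/download/firmware.asp?fwid=1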

- Vulnerability information (21975)

Linksys BEFSR41 1.4x Gozila.CGI Denial Of Service Vulnerability (EDBID:21975)
hardware dos
2002-11-01 Verified
0 Jeep 94
N/A
source: http://www.securityfocus.com/bid/6086/info

Linksys BEFSR41 is vulnerable to a denial of service condition.

The denial of service condition will be triggered when the device receives a request for the script file 'Gozila.cgi' without any parameters. 

http://192.168.1.1/Gozila.cgi? 		

- Vulnerability information

6740
Linksys BEFSR41 Gozila.cgi No Argument Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Exploit Private Vendor Verified, Uncoordinated Disclosure

- Vulnerability description

- Timeline

2002-10-31 Unknown
Unknown 2002-11-06

- Solution

Upgrade firmware to version 1.42.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linksys BEFSR41 Gozila.CGI Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 6086
Yes No
2002-11-01 12:00:00 2009-07-11 06:06:00
Discovery of this vulnerability credited to Jeep 94 (lowjeep94@hotmail.com).

- Affected software versions

Linksys EtherFast BEFSR41 Router 1.42.7
Linksys EtherFast BEFSR41 Router 1.42.3
Linksys EtherFast BEFSR41 Router 1.41
Linksys EtherFast BEFSR41 Router 1.40.2
Linksys EtherFast BEFSR41 Router 1.43

- Unaffected software versions

Linksys EtherFast BEFSR41 Router 1.43

- Vulnerability discussion

Linksys BEFSR41 is vulnerable to a denial of service condition.

The denial of service condition will be triggered when the device receives a request for the script file 'Gozila.cgi' without any parameters.

- Exploit

The following proof of concept was provided:

http://192.168.1.1/Gozila.cgi?

- Solution

New firmware is available.


Linksys EtherFast BEFSR41 Router 1.40.2

Linksys EtherFast BEFSR41 Router 1.41

Linksys EtherFast BEFSR41 Router 1.42.3

Linksys EtherFast BEFSR41 Router 1.42.7

- Related references

 

 
