Linksys vulnerability puts home users at risk

[Balandar]

From: http://smallbusiness.yahoo.com/busines....vulnera

Linksys vulnerability puts home users at risk

Paul Roberts

An easily exploitable software vulnerability in a common home networking router by Linksys Group could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense, a software security company.

Linksys, based in Irvine, California, could not immediately be reached for comment.

Linksys is one of a number of companies that sell low-priced network gear to SOHO (small office/home office) customers. The product, the Linksys BEFSR41 EtherFast Cable/DSL router, is a low-cost router that allows two or more computers to share an ethernet or broadband Internet connection.

A security hole in some versions of the software -- called "firmware" -- used by the router could allow a remote user to crash the device, interrupting Internet service for any computers attached to it, according to iDefense.

To cause a crash, an attacker only needs to enter the URL (uniform resource locator) for a CGI (Common Gateway Interface) script used to configure and manage the router without providing any "arguments" (input for the script to process), according to iDefense.

In most situations, the attacker would already need to be on a computer connected to the network to execute an attack. However, if the router has a 'remote management' feature enabled, a malicious hacker could execute an attack from anywhere on the Internet by entering the IP (Internet Protocol) address of the router along with the name of the script into his or her Web browser.

"An attacker could just scan a (network) subnet for IP addresses belonging to Linksys routers. Once they identified the targeted routers, they could bring them down just using their Web browser," said Sunil James, a senior security engineer at iDefense, which is in Chantilly, Virginia.

The vulnerability affects BEFSR41 routers using a version of the router firmware earlier than version 1.42.7.

Other Linksys models including the BEFSR11 and BEFSRU31 routers may also be affected by the vulnerability, according to James. Those models use the same embedded Web server and firmware software as the BEFSR41, James said.

IDefense has not tested the vulnerability on the BEFSR11 or BEFSRU31 router hardware, James said. Aside from losing Internet connectivity, however, James said that iDefense does not believe the vulnerability would allow attackers to place or execute malicious code on an affected network. Following an attack, users would need to reset the router by pressing a reset button on the back of the device to restore it, according to iDefense.

To guard against this vulnerability, iDefense recommends upgrading the router firmware to version 1.42.7 or later (http://www.linksys.com/download/firmware.asp). That and subsequent firmware versions appear to eliminate the vulnerability, though Linksys makes no mention of the vulnerability in the release notes that accompany the updated firmware, according to James.

Users are also asked to verify that the router's remote management feature is not enabled.

Denial of service (DOS) attacks are usually associated with coordinated efforts by one or more hackers against high-visibility corporate Web sites such as eBay and Microsoft. However, the growing popularity of broadband Internet connections in the U.S., Europe, and Asia have made small office and home-based computer networks -- and attacks that target those networks -- common.

A study in 2001 by researchers from the Cooperative Association for Internet Data Analysis at the San Diego Supercomputer Center found that a significant percentage of more than 12,000 DOS attacks the group studied were against home users with broadband Internet connections. Researchers theorized that personal vendettas may have been the motivation for many of those attacks.

[Haidaan]

Thanks for the heads up!

Be careful before you update the bios if you have one of these babies.

Previous Linksys bios updates have caused issues with EQ. Things like going linkdead EVERY 12 minutes.

In most situations, the attacker would already need to be on a computer connected to the network to execute an attack. However, if the router has a 'remote management' feature enabled, a malicious hacker could execute an attack from anywhere on the Internet by entering the IP (Internet Protocol) address of the router along with the name of the script into his or her Web browser.

Seems to me all you have to do is turn off the "remote management" and keep your local LAN secure.

I would NOT update my bios until someone attempted to DOS me.

My 2cp

[Balandar]

Previous Linksys bios updates have caused issues with EQ. Things like going linkdead EVERY 12 minutes.

Even more reason to do so.. to get you EQ addicts into DAoC and UO! Well, at least get all of you ready to jump into SWG!

The SWG site is still being worked on. Hopefully I can get it up sometime soon (if college permits ).