<div class='os_post_top_link'><a href='url=http://www.theinquirer.net/?article=16416' target='_blank'>url=http://www.theinquirer.net/?article=16416</a><br /><br /></div>Ed posted last week that <a href="http://www.pocketpcthoughts.com/forums/viewtopic.php?t=28645&postdays=0&postorder=asc&start=0">Linksys Routers were open to vulnerability</a> when subject to a buffer overflow attack. The Inquirer has just put up a story about the patches being available. There's more than just a fix for the BOOTP issue and the full list of fixes is shown below:<br /><br />Fixed CGI string attacks issue <br />Fixed UPnP on Windows XP SP2 issue <br />Fixed One way audio issue <br />Fixed NAT-T issue for some VPN connection <br />Fixed DHCP server revision, fill the siaddr to the server address <br />Fixed DHCP (BOOTP) vulnerability issue <br />Added Filter IDENT(port 113) to appear stealth when scanned <br />Added DHCP option 55 support <br />Fixed buffer leakage bug <br />Modified TCP Support RFC 3360 standard <br />Modified PPPoE/L2TP/PPTP fragmentation supports fragmenting 1 packet into more than 3. <br />Modified MTU/MRU function for better handling <br />Firmware upgrades for the following devices: BEFSR11, BEFSR41, BEFSR81, BEFSRU31, BEFW11S4 (except Version 1), can be found <a href="http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/entry.php">here</a>. Still, better late than never eh! :wink:

Interestingly, according to this slashdot story - http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172 the backdoor password was not removed, just changed, and the new one is already out.

:roll: It never ends? :?

Slashdot thread is about a security hole in NetGear router not Linksys

Slashdot thread is about a security hole in NetGear router not Linksys

Sorry, that will teach me to link back to something I read earlier today without double checking the article. It is still funny though.

We can't all celebrate yet. A number of Linksys Routers were implicated in the original article (http://www.theinquirer.net/?article=16298), yet the only router to have a firmware upgrade so far that addresses the issue is the BEFSR41.

Granted the BEFSR41 is extremely popular and widley adopted, but the fact remains many other Linksys routers are apparently affected and are still waiting to be patched.

Makes me happy that I have a now-discontinued and obscure MN-700 router from that little Microsoft company. :lol:

The link below takes you to Linksys Knowledgebase that links to firmware upgrades for BEFSR11, BEFSR41, BEFSR81, BEFSRU31, BEFW11S4(except Version 1)

Jonathon: your front page post should reflect these devices in the link also, not just the BEFSR41.

http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/entry.php

Thanks for that Brian - a good point. I have updated the post with this info. Cheers. :D

Makes me happy that I have a now-discontinued and obscure MN-700 router from that little Microsoft company. :lol:

A silver lining to every cloud eh Jason? :wink:

Makes me happy that I have a now-discontinued and obscure MN-700 router from that little Microsoft company. :lol:

Welcome to the crowd.
So, in addition to the industrial-strength firewall, we get security by obscurity, huh?

Considering the thing runs CE.NET, they could have done interesting things with that baby.
Oh, well; with Intel putting WiFI access point capability into the upcoming Grantsdale chipset, there really won't be much profit in this market by Christmas, anyway.
Funny thing, though; in all the "analysis" about MS leaving the W-Fi market nobody in the media picked up on that angle, huh?

The MS-Intel detente continues...

The link below takes you to Linksys Knowledgebase that links to firmware upgrades for BEFSR11, BEFSR41, BEFSR81, BEFSRU31, BEFW11S4(except Version 1)

Jonathon: your front page post should reflect these devices in the link also, not just the BEFSR41.

http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/entry.php

That's better, but its still not all originally implicated. The VPN ones in particular still have no fixes availible yet, so I'm still waiting to celebrate. There is a chance the VPN units were never affected, but the original article said they have the same flaw.

untill the MN-700 has a flaw discovered. But then microsoft never has bugs in their software. :roll:

BTW im seeing no new firmware for the BEFW11S4 either.