Linksys Patch Available

[Jonathon Watkins]

url=http://www.theinquirer.net/?article=16416

Ed posted last week that Linksys Routers were open to vulnerability when subject to a buffer overflow attack. The Inquirer has just put up a story about the patches being available. There's more than just a fix for the BOOTP issue and the full list of fixes is shown below:

• Fixed CGI string attacks issue
  Fixed UPnP on Windows XP SP2 issue
  Fixed One way audio issue
  Fixed NAT-T issue for some VPN connection
  Fixed DHCP server revision, fill the siaddr to the server address
  Fixed DHCP (BOOTP) vulnerability issue
  Added Filter IDENT(port 113) to appear stealth when scanned
  Added DHCP option 55 support
  Fixed buffer leakage bug
  Modified TCP Support RFC 3360 standard
  Modified PPPoE/L2TP/PPTP fragmentation supports fragmenting 1 packet into more than 3.
  Modified MTU/MRU function for better handling

Firmware upgrades for the following devices: BEFSR11, BEFSR41, BEFSR81, BEFSRU31, BEFW11S4 (except Version 1), can be found here. Still, better late than never eh! :wink:

[Jonathon Watkins]

url=http://www.theinquirer.net/?article=16416

Ed posted last week that Linksys Routers were open to vulnerability when subject to a buffer overflow attack. The Inquirer has just put up a story about the patches being available. There's more than just a fix for the BOOTP issue and the full list of fixes is shown below:

• Fixed CGI string attacks issue
  Fixed UPnP on Windows XP SP2 issue
  Fixed One way audio issue
  Fixed NAT-T issue for some VPN connection
  Fixed DHCP server revision, fill the siaddr to the server address
  Fixed DHCP (BOOTP) vulnerability issue
  Added Filter IDENT(port 113) to appear stealth when scanned
  Added DHCP option 55 support
  Fixed buffer leakage bug
  Modified TCP Support RFC 3360 standard
  Modified PPPoE/L2TP/PPTP fragmentation supports fragmenting 1 packet into more than 3.
  Modified MTU/MRU function for better handling

Firmware upgrades for the following devices: BEFSR11, BEFSR41, BEFSR81, BEFSRU31, BEFW11S4 (except Version 1), can be found here. Still, better late than never eh! :wink:

[GoldKey]

Interestingly, according to this slashdot story - http://slashdot.org/articles/04/06/0...id=126&tid=172 the backdoor password was not removed, just changed, and the new one is already out.

[Jonathon Watkins]

:roll: It never ends? :?

[psyfactor]

Slashdot thread is about a security hole in NetGear router not Linksys

[GoldKey]

Quote:

Originally Posted by PsyFactor

Slashdot thread is about a security hole in NetGear router not Linksys

Sorry, that will teach me to link back to something I read earlier today without double checking the article. It is still funny though.

[brianchris]

We can't all celebrate yet. A number of Linksys Routers were implicated in the original article (http://www.theinquirer.net/?article=16298), yet the only router to have a firmware upgrade so far that addresses the issue is the BEFSR41.

Granted the BEFSR41 is extremely popular and widley adopted, but the fact remains many other Linksys routers are apparently affected and are still waiting to be patched.

[Jason Dunn]

Makes me happy that I have a now-discontinued and obscure MN-700 router from that little Microsoft company. :lol:

[Brian Johnson]

The link below takes you to Linksys Knowledgebase that links to firmware upgrades for BEFSR11, BEFSR41, BEFSR81, BEFSRU31, BEFW11S4(except Version 1)

Jonathon: your front page post should reflect these devices in the link also, not just the BEFSR41.

http://linksys.custhelp.com/cgi-bin/...user/entry.php

[Jonathon Watkins]

Thanks for that Brian - a good point. I have updated the post with this info. Cheers.

[Jonathon Watkins]

Quote:

Originally Posted by Jason Dunn

Makes me happy that I have a now-discontinued and obscure MN-700 router from that little Microsoft company. :lol:

A silver lining to every cloud eh Jason? :wink: