SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   D-Link Router
Vendors:   D-Link Systems, Inc.
D-Link Dl-704 DSL Router Can Be Crashed By Remote Users Sending Improperly Fragmented IP Packets
SecurityTracker Alert ID:  1002351
SecurityTracker URL:  http://securitytracker.com/id/1002351
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 8 2001
Impact:   Denial of service via network
Fix Available:  Yes
Exploit Included:  Yes
Version(s): Dl-704, possibly others
Description:   Fate Research Labs reported a vulnerability in the D-Link Dl-704 DSL router that allows remote users to cause the router to crash.

A remote user can reportedly generate a large number of identical/incorrectly fragmented IP packets to cause the router to stop forwarding packets. A reboot is required to return to normal operation.

Impact:   A remote user can cause the DSL router to crash.
Solution:   Download new firmware. It is reported that version V2.56b6 or later will fix the flaw. It is available at:

http://www.dlink.com.tw/2000e/download/download.htm

Vendor URL:  www.dlink.com/products/broadband/di704/
Cause:   Resource error

Message History:   None.


 Source Message Contents

Subject:  Malformed Fragmented Packets DoS Dlink Firewall/Routers



                 ____
                /    /\ 
               /____/  \____                                 
               \    \  /   /\     
_______________ \____\   _/  \ _____________________________________
              __/__  /\   \  / Fate Research Labs Security Advisory
              \    \/ /\  /\/\ Networking Division
               \____\/__\/  \ \   
                    \    \  /\ \    
                     \____\/__\/ 
--------------------------------------------------------------------

 
Details:           DLink Firewall/Router Vulnerable to Malformed 
	             Fragmented Packets
Advisory ID:       F8-DLINK20010906
Issue date:        062001SEPT
Fate Division:     Networking

Researcher:        Jonas <jonas@fatelabs.com>
Position:          Research Scientist
Severity:          Medium/High

Vendor Status:     Contacted: No Response
Vendor Web Site:   http://www.dlink.com
Platform:          Confirmed on D-Link 704 home broadband 
                   firewall/router. 
Exploit Available: http://www.fatelabs.com 

____________________________________________________________________

1. Summary

The popular home broadband sharing device Dl-704 by DLink Technologies
can easily be DoS'ed through malformed fragmented packets. Using any
standard packet crafting tool to generate a large number of
identical/incorrectly fragmented IP packets causes the router to
immediately stop forwarding packets, and after approx. 2 minutes it will
require a reboot.





1a. Fragmentation

The DoS relies on an exploit involving IP fragmentation, which is a 
process whereby IP datagrams are subdivided into smaller data packets 
during transit. Fragmentation is required because every network 
architecture carries data in groups called frames, and the maximum 
frame size varies from network to network. When an IP datagram enters 
a network whose maximum frame size is smaller than the size of the 
datagram, it is split into fragments. Thereafter, the fragments 
travel separately to their destination, at which point they are 
re-assembled and processed. 






3. Exploit

Fate Research Labs felt it would be a waste of valuable
resources to recreate the wheel. Why rewrite code that is already
available? Jolt2.c or hping2 can be downloaded from your favorite 
neighborhood sploit store. These 2 tools will accomplish the
same effect. 




4. Patch Details

Download new firmware. V2.56b6 or later will fix it.
http://www.dlink.com.tw/2000e/download/download.htm

The US site only holds V2.55b15.




5. Shouts!

You bitches thought Fate Labs was dead?! In the words of M1ch34L 
J4cKs0N y0! "You ain't seen nuthin yet!" Shouts to ph33r,
Denatus, Soundman, Punisher, the coolio rehashed, Banned-it
and all @fate labs! "Let them hate us, provided 
they fear us." Long live our reign!




6. Standard Hello To anti.security.is

A big fuck you to the arrogant bastards at anti.security.is. 
You are nothing more than a gaggle of Beetlejuice elitists 
trying to keep your 0day spl0it-pot from being released. Look 
at the beliefs you stand for before judging the beliefs of 
others. You claim that your beliefs protect the security vendors 
by "eliminating the communication medium for new exploits?" 
Maybe if they knew that you wanted to stop full disclosure 
so you could keep using your 0day on their customers' networks 
without fear of it publishing on Bugtraq, you wouldn't look like 
such heroes. "Save a bug?" Here's your fucking bug, it's dead, we 
squashed it with our 31337 0day advisory.

  - Fate Research Labs
    Soldiers for Full Disclosure
          ____
         /   /_____
        /   //     \
       /   / \ \    \
      /.__/   \ \__ .\
//___\\   \  / \_____//__________________________________________
       \____/ F8
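
Added example, not part of the Fate Research Labs advisory or the SecurityTracker alert: a defender-side Python check over captured IPv4 headers that flags fragments which cannot reassemble into a valid datagram and fragments repeated many times, the traffic pattern the advisory describes. The alert threshold, the function names and the sample headers are assumptions constructed for illustration.

```python
import struct
from collections import Counter

MAX_DATAGRAM = 65535   # IPv4 total-length ceiling
DUP_THRESHOLD = 50     # assumed alert threshold, tune per network

def parse_fragment(pkt):
    """Return (flow, offset_bytes, payload_len, more_frags), or None if not an IPv4 fragment."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
    if ihl < 20 or total_len < ihl or (not more and offset == 0):
        return None
    flow = (pkt[12:16], pkt[16:20], pkt[9], ident)  # src, dst, protocol, IP ID
    return flow, offset, total_len - ihl, more

def analyze(packets):
    """Return sorted (reason, ip_id, offset_bytes) findings for a packet batch."""
    seen, findings = Counter(), set()
    for pkt in packets:
        frag = parse_fragment(pkt)
        if frag is None:
            continue
        flow, offset, plen, more = frag
        # Minimum 20-byte header plus data up to this fragment's end.
        if 20 + offset + plen > MAX_DATAGRAM:
            findings.add(("oversize-reassembly", flow[3], offset))
        # Every fragment except the last must carry a multiple of 8 bytes.
        if more and plen % 8:
            findings.add(("misaligned-nonfinal", flow[3], offset))
        seen[(flow, offset)] += 1
        if seen[(flow, offset)] == DUP_THRESHOLD:
            findings.add(("repeated-fragment", flow[3], offset))
    return sorted(findings)

def hdr(ident, off_units, more, payload_len):
    """Constructed 20-byte IPv4 header (UDP, documentation addresses); payload omitted."""
    flags_off = (0x2000 if more else 0) | off_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_off,
                       64, 17, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))

# Constructed sample: one well-formed two-fragment datagram, then suspicious traffic.
SAMPLE = [hdr(1, 0, True, 1480), hdr(1, 185, False, 520)]
SAMPLE += [hdr(2, 8189, False, 64)] * 60   # same fragment repeated, ends past 65535
SAMPLE += [hdr(3, 0, True, 13)]            # non-final fragment, length not a multiple of 8

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

The well-formed datagram (IP ID 1) produces no finding; only IDs 2 and 3 are reported.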




 
 



Copyright 2021, SecurityGlobal.net LLC