SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   D-Link Print Server Vendors:   D-Link Systems, Inc.
D-Link DP-300+ Print Server Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1004868
SecurityTracker URL:  http://securitytracker.com/id/1004868
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 28 2002
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   A vulnerability was reported in the D-Link DP-300+ Print Server. A remote user can cause the print server to crash.

Phenoelit reported that a remote user can send a large POST request to a web page on the server's web-based management interface to cause the server to crash.

The vendor has reportedly been notified.

Impact:   A remote user can cause the print server to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.dlink.com/ (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)


--------------070304040707010103040102
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


-- 
            kim0   <kim0@phenoelit.de>
        Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

--------------070304040707010103040102
Content-Type: text/plain;
 name="dp-300.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="dp-300.txt"


Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 ++-+>

[ Authors ]
	FX		<fx@phenoelit.de>
        FtR             <ftr@phenoelit.de>

	Phenoelit Group	(http://www.phenoelit.de)
	Advisory	http://www.phenoelit.de/stuff/dp-300.txt

[ Affected Products ]
        D-Link
			DP-300+

        D-Link Bug ID:	Not assigned

[ Vendor communication ]
        07/07/02        Initial Notification
                        *Note-Initial notification by phenoelit
                        includes a cc to cert@cert.org by default
        07/19/02        Notification of intent to post public in apx.
                        7 days.


[ Overview ]
        The D-Link Ethernet/Fast Ethernet Print Server DP-300+
        provides network connectivity for printers.
	
[ Description ]
        By sending an oversized POST request to an existing web page such 
	as /Config1.htm, the device web server dies.  A process appears to be 
	listening on the port but will no longer answer requests.  Additionally, 
	the print server reports an uptime of less then one minute after the 
	attack, indicating that the software dies during this time.

[ Example ]
        See above

[ Solution ]
	None known at this time. 

[ end of file ]




--------------070304040707010103040102--


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC