iDEFENSE Security Advisory 09.13.05 - Remote exploitation of an input validation error within the web management httpd component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated users to cause a denial of service (DoS). The vulnerability exists in several of the POST method handlers of the httpd running on the router's internal interfaces, including by default the wireless interface. In addition to not checking if authentication has failed until after data supplied by an external user has been processed, there are several places where the Content-Length is assumed to be valid. In some of those cases, data is read in without error checking while decrementing the length value. If the Content Length is set to a negative number, these checks will take an extremely long time, during which the httpd will become unresponsive. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.3 of the firmware of the Linksys WRT54G wireless router,...
iDEFENSE Security Advisory 09.13.05 - Remote exploitation of an input validation error within the web management httpd component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated users to cause a denial of service (DoS). The vulnerability exists in several of the POST method handlers of the httpd running on the router's internal interfaces, including by default the wireless interface. In addition to not checking if authentication has failed until after data supplied by an external user has been processed, there are several places where the Content-Length is assumed to be valid. In some of those cases, data is read in without error checking while decrementing the length value. If the Content Length is set to a negative number, these checks will take an extremely long time, during which the httpd will become unresponsive. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.3 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.
