We found the same vulnerability and reported it to the vendor on 9 Aug 2002.
Since the vendor reported that this problem has been addressed, we have
decided to release this advisory after confirming the fix.
---
On 13 Nov 2002 19:39:12 -0000
Andrei Mikhailovsky <andrei (at) arhont (dot) com> wrote:
>
>
> Arhont Ltd. - Information Security
>
> Arhont Advisory by: Andrei Mikhailovsky
> (www.arhont.com)
> Advisory: Buffalo AP
> AP Model Name: WLA-L11G Ver.2.31
> Wireless Firmware: WLI-PCM-L11G Ver.6.14
> Model Specific: Other versions of
> Buffalo APs might be vulnerable
> Manufacturer site: http://www.buffalotech.com
> Manufacturer contact: info (at) buffalotech (dot) com
> Contact Date: 25/10/2002
---
--------------------------------------------------------------------------
SNS Advisory No.59
Buffalo Wireless LAN Access Point Denial of Service Vulnerability
Problem first discovered: 9 Aug 2002
Published: 3 Dec 2002
http://www.lac.co.jp/security/english/snsadv_e/59_e.html
--------------------------------------------------------------------------
Overview:
---------
A vulnerability was found in WLAR-L11G-L, a wireless access point from
MELCO Inc., that causes a denial of service condition. Although this
vulnerability was reported by Bugtraq on Nov. 13, 2002, we contacted the
technical support of MELCO Inc. regarding this issue on August 9th and
were waiting for a response. Since MELCO Inc. reported that this problem
has been addressed, we have decided to release this advisory after
confirming the fix.
Problem Description:
--------------------
WLAR-L11G-L contains a web server which is used to administer the access
point. WLAR-L11G-L reboots whenever the web server receives a specific
HTTP request.
For example, sending the following request by telnet client can reboot
the access point.
"GET / HTTP/1.0"
By sending the request continuously, a remote attacker can cause a denial
of service condition. The access point resumes normal operation when the
attacker stops sending requests.
Solution:
---------
This problem can be eliminated by updating the firmware to Ver 1.41.180
beta3 or later.
http://buffalo.melcoinc.co.jp/download/driver/lan/wlar-l11-l.html#2
Chronology of Events:
---------------------
9 Aug 2002 : We discovered the vulnerability
9 Aug 2002 : We reported the findings to MELCO Inc.
16 Aug 2002 : MELCO Inc. sent a reply
28 Oct 2002 : MELCO Inc. reported that this problem will be fixed late in
November
26 Nov 2002 : MELCO Inc. reported that this problem has been fixed by the
fix of another problem
Discovered by:
--------------
Atsushi Nishimura a.nisimr (at) lac.co (dot) jp
Disclaimer:
-----------
All information in these advisories is subject to change without any
advance notice or mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying this information.
------------------------------------------------------------------
SecureNet Service(SNS) Security Advisory <snsadv (at) lac.co (dot) jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
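
Added example (not part of the SNS or Arhont advisories): a firmware audit that flags WLAR-L11G-L units running anything older than Ver 1.41.180 beta3, the fixed release named under "Solution". The function names and the inventory rows are hypothetical, and the ordering of "betaN" builds before the final release of the same number is an assumption; models for which the advisory names no fixed version are reported as "unknown" rather than guessed.

```python
import re

# Fixed release from the advisory's Solution section; it applies to this model only.
FIXED_MODEL = "WLAR-L11G-L"
FIXED_VERSION = "1.41.180 beta3"

_VER = re.compile(r"^\s*(?:Ver\.?\s*)?(\d+(?:\.\d+)*)\s*(?:beta\s*(\d+))?\s*$", re.I)


def parse_version(text):
    """Return a sortable key for a firmware string, or None if it is not understood.

    Assumption: 'betaN' sorts before the final release of the same number,
    and betas sort by N.
    """
    m = _VER.match(text)
    if not m:
        return None
    numbers = tuple(int(part) for part in m.group(1).split("."))
    # (0, N) for betaN, (1, 0) for a release without a beta tag.
    stage = (0, int(m.group(2))) if m.group(2) else (1, 0)
    return numbers, stage


def assess(model, version):
    """Classify one device as 'fixed', 'vulnerable' or 'unknown'."""
    if model.strip().upper() != FIXED_MODEL:
        return "unknown"  # the advisory gives no fixed version for other models
    key = parse_version(version)
    if key is None:
        return "unknown"  # unreadable version string: check the unit by hand
    return "fixed" if key >= parse_version(FIXED_VERSION) else "vulnerable"


def audit(inventory):
    """Map each hostname in (host, model, version) rows to its status."""
    return {host: assess(model, version) for host, model, version in inventory}


# Constructed sample inventory, for illustration only.
INVENTORY = [
    ("ap-lobby", "WLAR-L11G-L", "Ver 1.41.180 beta2"),
    ("ap-lab", "WLAR-L11G-L", "1.41.180 beta3"),
    ("ap-office", "WLAR-L11G-L", "Ver.1.42"),
    ("ap-annex", "WLA-L11G", "Ver.2.31"),
    ("ap-store", "WLAR-L11G-L", "n/a"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```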