ID
VAR-E-200602-0563
TITLE
Multiple D-Link Products IP Fragment Reassembly Denial of Service Vulnerability
Trust: 0.3
DESCRIPTION
Multiple D-Link devices are susceptible to a remote denial-of-service vulnerability. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets.
This issue allows remote attackers to crash and reboot affected devices, denying service to legitimate users.
D-Link DI-524, DI-624, and Di-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected.
It is reported that US Robotics USR8054 devices are also affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | u s robotics | model: | usr8054 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | di-784 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | di-624 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | di-524 | scope: | eq | version: | 3.20 | Trust: 0.3 |
| vendor: | d link | model: | di-524 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | di-614+ | scope: | ne | version: | 2.30 | Trust: 0.3 |
| vendor: | d link | model: | di-614+ | scope: | ne | version: | 2.18 | Trust: 0.3 |
| vendor: | d link | model: | di-614+ | scope: | ne | version: | 2.10 | Trust: 0.3 |
| vendor: | d link | model: | di-614+ f | scope: | ne | version: | 2.0 | Trust: 0.3 |
| vendor: | d link | model: | di-614+ 3g | scope: | ne | version: | 2.0 | Trust: 0.3 |
| vendor: | d link | model: | di-614+ | scope: | ne | version: | 2.03 | Trust: 0.3 |
| vendor: | d link | model: | di-614+ | scope: | ne | version: | 2.0 | Trust: 0.3 |
| vendor: | d link | model: | di-604 | scope: | ne | version: | - | Trust: 0.3 |
EXPLOIT
An exploit is not required.
An exploit by Aaron Portnoy is available that is designed to send packets that trigger this issue.
Bullet list:
<li><a href="/data/vulnerabilities/exploits/dlink_udp_dos.c">/data/vulnerabilities/exploits/dlink_udp_dos.c</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Discovered by Aaron Portnoy <aportnoy@ccs.neu.edu>.
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 16621 | Trust: 0.3 |
REFERENCES
| url: | http://thunkers.net/~deft/advisories/dlink_udp_dos.txt | Trust: 0.3 |
| url: | http://www.d-link.com/ | Trust: 0.3 |
| url: | http://www.usr.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 16621 |
LAST UPDATE DATE
2022-07-27T10:02:13.839000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 16621 | date: | 2006-02-14T18:53:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 16621 | date: | 2006-02-13T00:00:00 |