Sign-up

ID

VAR-200803-0511


TITLE

Livebox TP Router Remote Overflow Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2008-1113

DESCRIPTION

Livebox TP is a broadband router widely used in Poland. The Livebox TP has an input validation vulnerability when processing malformed user requests, and a remote attacker could exploit this vulnerability to control the server. The ADI Convergence Galaxy FTP server embedded in the Livebox TP does not properly validate user input parameters. If a remote attacker sends a specially crafted message to the router's FTP service, it may trigger a buffer overflow, causing the service to crash. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Livebox TP Router ADI Convergence Galaxy FTP Server Denial of Service SECUNIA ADVISORY ID: SA29199 VERIFY ADVISORY: http://secunia.com/advisories/29199/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Livebox TP Router http://secunia.com/product/17862/ DESCRIPTION: 0in has reported a vulnerability in Livebox TP routers, which can be exploited by malicious people to cause a DoS (Denial of Service). Other versions may also be affected. SOLUTION: Restrict network access to the FTP service. PROVIDED AND/OR DISCOVERED BY: 0in ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: CNVD: CNVD-2008-1113 // BID: 28066 // PACKETSTORM: 64254

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2008-1113

AFFECTED PRODUCTS

vendor:neostradamodel:livebox adsl router tpscope:eqversion: -

Trust: 0.6

vendor:neostradamodel:tp livebox routerscope:eqversion:0

Trust: 0.3

vendor:adimodel:convergence galaxy ftp serverscope:eqversion:0.1

Trust: 0.3

sources: CNVD: CNVD-2008-1113 // BID: 28066

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2008-1113
value: HIGH

Trust: 0.6

CNVD: CNVD-2008-1113
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2008-1113

THREAT TYPE

network

Trust: 0.3

sources: BID: 28066

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 28066

EXTERNAL IDS

db:BIDid:28066

Trust: 0.9

db:SECUNIAid:29199

Trust: 0.7

db:CNVDid:CNVD-2008-1113

Trust: 0.6

db:PACKETSTORMid:64254

Trust: 0.1

sources: CNVD: CNVD-2008-1113 // BID: 28066 // PACKETSTORM: 64254

REFERENCES

url:http://secunia.com/advisories/29199/

Trust: 0.7

url:/archive/1/489008

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/17862/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2008-1113 // BID: 28066 // PACKETSTORM: 64254

CREDITS

0in is credited with the discovery of this vulnerability.

Trust: 0.3

sources: BID: 28066

SOURCES

db:CNVDid:CNVD-2008-1113
db:BIDid:28066
db:PACKETSTORMid:64254

LAST UPDATE DATE

2022-05-17T22:48:12.003000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2008-1113date:2008-03-01T00:00:00
db:BIDid:28066date:2008-03-03T16:32:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2008-1113date:2008-03-01T00:00:00
db:BIDid:28066date:2008-03-01T00:00:00
db:PACKETSTORMid:64254date:2008-03-04T21:58:46