[14816] in bugtraq


Cayman 3220-H DSL Router DOS

daemon@ATHENA.MIT.EDU (cassius@HUSHMAIL.COM)
Sat May 6 19:36:39 2000

Message-Id:  <200005052356.QAA00874@mail5.hushmail.com>
Date:         Fri, 5 May 2000 16:56:56 -0800
Reply-To: cassius@HUSHMAIL.COM
From: cassius@HUSHMAIL.COM
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

-[ Cayman 3220-H DSL Router DOS ]-

[ Intro ]
Simple DOS attack against Cayman 3220-H DSL Router.
This message has been copied to Cayman.

[ Description ]
Large username or password strings sent to the Cayman HTTP admin interface
restart the router.
Router log will show "restart not in response to admin command".

[ Tested Versions ]
Hardware:
Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub

Software:
GatorSurf version 5.3.0 (build R1)
GatorSurf version 5.3.0 (build R2)
GatorSurf version 5.5.0 (build R0)  <most recent version>

[ Exploit ]
Open URL for router admin interface in your browser.
Username: ...................(x79 or more)
After router restarts (10 seconds) hit refresh on your browser if you want
to down it again.

If you want to be lame you could code this to keep a router down all day
long.

- cassius@hushmail.com
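
A log-side check for the symptom described in the message above, as an added example that is not part of the original post: it scans router log lines for the quoted "restart not in response to admin command" text and reports hosts that restart unexpectedly several times in quick succession. The "timestamp host message" line layout, the host names, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text quoted in the advisory; the surrounding line layout is assumed.
MARKER = "restart not in response to admin command"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Constructed sample input (not real router output).
SAMPLE_LOG = """\
2000-05-06 10:00:05 dsl-gw-1 restart not in response to admin command
2000-05-06 10:00:40 dsl-gw-1 restart not in response to admin command
2000-05-06 10:01:15 dsl-gw-1 restart not in response to admin command
2000-05-06 10:01:20 dsl-gw-2 restart in response to admin command
2000-05-06 14:30:00 dsl-gw-2 restart not in response to admin command
garbage line without a timestamp
2000-05-06 18:00:00 dsl-gw-1 restart not in response to admin command
""".splitlines()

def find_restart_bursts(lines, threshold=3, max_gap=timedelta(minutes=2)):
    """Return {host: [(first, last, count), ...]} for runs of unexpected
    restarts where each restart follows the previous one within max_gap."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or MARKER not in m.group(3).lower():
            continue  # skip malformed lines and unrelated messages
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events[m.group(2)].append(stamp)

    bursts = {}
    for host, times in events.items():
        times.sort()
        found, run = [], [times[0]]
        for t in times[1:] + [None]:  # None flushes the final run
            if t is not None and t - run[-1] <= max_gap:
                run.append(t)
                continue
            if len(run) >= threshold:
                found.append((run[0], run[-1], len(run)))
            run = [t]
        if found:
            bursts[host] = found
    return bursts

if __name__ == "__main__":
    for host, runs in find_restart_bursts(SAMPLE_LOG).items():
        for first, last, count in runs:
            print(f"{host}: {count} unexpected restarts between {first} and {last}")
```

A single unexpected restart is not reported; only a run of at least `threshold` closely spaced restarts on the same host is.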


