Issue: ----------------------------------------------------------------|

   LG Electronics LS5316s is a LAN switch. When configured with IP
   address to access via telnet, or WWW interface, it is vulnerable
   to network attacks resulting in Denial of Service.

Description: ----------------------------------------------------------|

   When configured with IP address to access it via network with
   telnet or www-based interface, LS5316s is vulnerable to at least
   one bug, resulting from memory allocation function buffer overflow.
   
   Second bug is directly in the telnet service, when checking
   passwords. The same technique with random data stream is used,
   however few ENTER characters should be sent at first, to
   overcome router primary prompt waiting for that key to be
   pressed. In this case, router reboots with no message.

Vulnerable versions: --------------------------------------------------|

   All software versions up to and including X.Y are vulnerable to
   this types of attack.

   The vendor representative was informed about this vulnerability on
   2002-04-18, and LG untill that day has not released any new
   software version.

Info on this advisory: ------------------------------------------------|

   This advisory can be accessed on-line at my personal site:<a href="http://mr0vka.eu.org/docs/advisories/lg-5316s-2002-04-18.html">
   http://mr0vka.eu.org/docs/advisories/lg-5316s-2002-04-18.html</a>
   or in plain-text:<a href="http://mr0vka.eu.org/docs/advisories/lg-5316s-2002-04-18.txt">
   http://mr0vka.eu.org/docs/advisories/lg-5316s-2002-04-18.txt</a>
   
   My personal GPG key fingerprint is located at following address:<a href="http://mr0vka.eu.org/aboutme/index.html#pgp">
   http://mr0vka.eu.org/aboutme/index.html#pgp</a>
   
Disclaimer: -----------------------------------------------------------|

   None at this time.