Issue: ----------------------------------------------------------------|
LG Electronics LS5316s is a LAN switch. When configured with IP
address to access via telnet, or WWW interface, it is vulnerable
to network attacks resulting in Denial of Service.
Description: ----------------------------------------------------------|
When configured with IP address to access it via network with
telnet or www-based interface, LS5316s is vulnerable to at least
one bug, resulting from memory allocation function buffer overflow.
Second bug is directly in the telnet service, when checking
passwords. The same technique with random data stream is used,
however few ENTER characters should be sent at first, to
overcome router primary prompt waiting for that key to be
pressed. In this case, router reboots with no message.
Vulnerable versions: --------------------------------------------------|
All software versions up to and including X.Y are vulnerable to
this types of attack.
The vendor representative was informed about this vulnerability on
2002-04-18, and LG untill that day has not released any new
software version.
Info on this advisory: ------------------------------------------------|
This advisory can be accessed on-line at my personal site:
http://mr0vka.eu.org/docs/advisories/lg-5316s-2002-04-18.html
or in plain-text:
http://mr0vka.eu.org/docs/advisories/lg-5316s-2002-04-18.txt
My personal GPG key fingerprint is located at following address:
http://mr0vka.eu.org/aboutme/index.html#pgp
Disclaimer: -----------------------------------------------------------|
None at this time.