This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.



[Bug 1002195] New: SYN Flood or FIN Flood attack results in web Authentication Bypass


Please do not reply to this email, use the link below.

http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002195

            Bug ID: 1002195
           Summary: SYN Flood or FIN Flood attack results in web
                    Authentication Bypass
           Product: eCos
           Version: unknown
            Target: linux (Linux synthetic target)
Architecture/Host_OS: HostOS: Linux
            Status: UNCONFIRMED
          Keywords: Chargeable
          Severity: critical
          Priority: high
         Component: Other
          Assignee: unassigned@bugs.ecos.sourceware.org
          Reporter: niteshvai67@gmail.com
        QA Contact: ecos-bugs@ecos.sourceware.org
                CC: ecos-bugs@ecos.sourceware.org

eCos Embedded Web Servers, used by multiple routers and home devices, fail to
validate and handle the packets while SYN Flood or FIN Flood packets are being
sent, and do not ask for any sign of authentication, resulting in
Authentication Bypass. An attacker can take complete advantage of this bug and
take over the device remotely or locally.
The bug has been successfully tested and reproduced in some versions of SOHO
routers manufactured by TOTOLINK, GREATEK and others.

-- 
You are receiving this mail because:
You are the assignee for the bug.
