From: bugzilla-daemon@ecoscentric.com
To: unassigned@bugs.ecos.sourceware.org
Subject: [Bug 1002195] New: SYN Flood or FIN Flood attack results in web Authentication Bypass
Date: Sun, 30 Oct 2016 23:55:00 -0000
Message-ID: <bug-1002195-777@http.bugs.ecos.sourceware.org/>

Please do not reply to this email, use the link below.

http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002195

              Bug ID: 1002195
             Summary: SYN Flood or FIN Flood attack results in web Authentication Bypass
             Product: eCos
             Version: unknown
              Target: linux (Linux synthetic target)
Architecture/Host_OS: HostOS: Linux
              Status: UNCONFIRMED
            Keywords: Chargeable
            Severity: critical
            Priority: high
           Component: Other
            Assignee: unassigned@bugs.ecos.sourceware.org
            Reporter: niteshvai67@gmail.com
          QA Contact: ecos-bugs@ecos.sourceware.org
                  CC: ecos-bugs@ecos.sourceware.org

eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally.

The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-daemon@ecoscentric.com
To: unassigned@bugs.ecos.sourceware.org
Subject: Your Bugzilla bug list needs attention.
Date: Sun, 13 Nov 2016 23:55:00 -0000
Message-Id: <20161030235502.6EBDAA8A7C8@mail.ecoscentric.com>

[This e-mail has been automatically generated.]

You have one or more bugs assigned to you in the Bugzilla bug tracking system (http://bugs.ecos.sourceware.org/) that require attention.

All of these bugs are in the CONFIRMED state, and have not been touched in 7 days or more. You need to take a look at them, and decide on an initial action.

Generally, this means one of three things:

(1) You decide this bug is really quick to deal with (like, it's INVALID), and so you get rid of it immediately.
(2) You decide the bug doesn't belong to you, and you reassign it to someone else. (Hint: if you don't know who to reassign it to, make sure that the Component field seems reasonable, and then use the "Reset Assignee to default" option.)
(3) You decide the bug belongs to you, but you can't solve it this moment. Accept the bug by setting the status to IN_PROGRESS.

To get a list of all CONFIRMED bugs, you can use this URL (bookmark it if you like!):
http://bugs.ecos.sourceware.org/buglist.cgi?bug_status=CONFIRMED&assigned_to=unassigned@bugs.ecos.sourceware.org

Or, you can use the general query page, at http://bugs.ecos.sourceware.org/query.cgi

Appended below are the individual URLs to get to all of your CONFIRMED bugs that haven't been touched for 7 days or more.

You will get this message once a day until you've dealt with these bugs!

STM32 USB driver unplugging/replugging issue
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001084
Navigation of the documentation using PREV NEXT PARENT arrows broken
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001146
help documentation tree does not correspond to viewed document
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001148
documentation tree in navigation panel does not open at viewed document
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001149
CAN loopback driver requires CYGPKG_DEVS_CAN_LOOP_CAN[01]
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001211
eCos GNU tools 4.6.3
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001468
Fix compiler warnings about mismatch between log() format string and argument values.
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001510
Array index out of bounds in tftp_server.c
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001522
Cortex-M: Remote 'g' packet reply is too long
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001524
BSD nc_test_slave chrashes
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001586
[RFC] eCos FLASH startup from RedBoot
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001623
Kinetis variant HAL patch: mostly cosmetic and descriptive improvements
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001783
Kinetis DSPI, flash and platform HAL tidies
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001784
Data not relocated to RAM during ROMINT startup
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001864
Freescale ENET support fot little endian.
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002114
KSZ8081 Ethernet PHY driver.
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002115
Prepare Kinetis for Gen2 K
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002116
Freescale UART - some macros for advanced serial buffers.
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002117
outdated expectations in documentation
  -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002126