public inbox for ecos-bugs@sourceware.org
* [Bug 1002195] New: SYN Flood or FIN Flood attack results in web Authentication Bypass
@ 2016-10-30 23:55 bugzilla-daemon
  0 siblings, 0 replies; only message in thread
From: bugzilla-daemon @ 2016-10-30 23:55 UTC (permalink / raw)
  To: unassigned

Please do not reply to this email, use the link below.

http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002195

            Bug ID: 1002195
           Summary: SYN Flood or FIN Flood attack results in web
                    Authentication Bypass
           Product: eCos
           Version: unknown
            Target: linux (Linux synthetic target)
 Architecture/Host_OS: HostOS: Linux
            Status: UNCONFIRMED
          Keywords: Chargeable
          Severity: critical
          Priority: high
         Component: Other
          Assignee: unassigned@bugs.ecos.sourceware.org
          Reporter: niteshvai67@gmail.com
        QA Contact: ecos-bugs@ecos.sourceware.org
                CC: ecos-bugs@ecos.sourceware.org

eCos Embedded Web Servers, used by multiple routers and home devices, fail to
validate and handle the packets while SYN Flood or FIN Flood packets are being
sent, and do not ask for any sign of authentication, resulting in
Authentication Bypass. An attacker can take complete advantage of this bug and
take over the device remotely or locally.
The bug has been successfully tested and reproduced in some versions of SOHO
routers manufactured by TOTOLINK, GREATEK and others.

-- 
You are receiving this mail because:
You are the assignee for the bug.
From: bugzilla-daemon@ecoscentric.com
To: unassigned@bugs.ecos.sourceware.org
Subject: Your Bugzilla bug list needs attention.

[This e-mail has been automatically generated.]

You have one or more bugs assigned to you in the Bugzilla bug tracking system
(http://bugs.ecos.sourceware.org/) that require attention.

All of these bugs are in the CONFIRMED state, and have not been touched in
7 days or more. You need to take a look at them, and decide on an initial
action.

Generally, this means one of three things:

(1) You decide this bug is really quick to deal with (like, it's INVALID),
    and so you get rid of it immediately.
(2) You decide the bug doesn't belong to you, and you reassign it to
    someone else. (Hint: if you don't know who to reassign it to, make
    sure that the Component field seems reasonable, and then use the
    "Reset Assignee to default" option.)
(3) You decide the bug belongs to you, but you can't solve it this moment.
    Accept the bug by setting the status to IN_PROGRESS.

To get a list of all CONFIRMED bugs, you can use this URL (bookmark
it if you like!):
http://bugs.ecos.sourceware.org/buglist.cgi?bug_status=CONFIRMED&assigned_to=unassigned@bugs.ecos.sourceware.org

Or, you can use the general query page, at 
http://bugs.ecos.sourceware.org/query.cgi

Appended below are the individual URLs to get to all of your CONFIRMED bugs
that haven't been touched for 7 days or more.

You will get this message once a day until you've dealt with these bugs!

 STM32 USB driver unplugging/replugging issue
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001084
 Navigation of the documentation using PREV NEXT PARENT arrows broken
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001146
 help documentation tree does not correspond to viewed document
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001148
 documentation tree in navigation panel does not open at viewed document
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001149
 CAN loopback driver requires CYGPKG_DEVS_CAN_LOOP_CAN[01]
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001211
 eCos GNU tools 4.6.3
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001468
 Fix compiler warnings about mismatch between log() format string and argument values.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001510
 Array index out of bounds in tftp_server.c
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001522
 Cortex-M: Remote 'g' packet reply is too long
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001524
 BSD nc_test_slave chrashes
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001586
 [RFC] eCos FLASH startup from RedBoot
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001623
 Kinetis variant HAL patch: mostly cosmetic and descriptive improvements
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001783
 Kinetis DSPI, flash and platform HAL tidies
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001784
 Data not relocated to RAM during ROMINT startup
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001864
 Freescale ENET support fot little endian.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002114
 KSZ8081 Ethernet PHY driver.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002115
 Prepare Kinetis for Gen2 K
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002116
 Freescale UART - some macros for advanced serial buffers.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002117
 outdated expectations in documentation
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002126

