From mboxrd@z Thu Jan 1 00:00:00 1970
From: bugzilla-daemon@ecoscentric.com
To: unassigned@bugs.ecos.sourceware.org
Subject: [Bug 1002195] New: SYN Flood or FIN Flood attack results in web Authentication Bypass
Date: Sun, 30 Oct 2016 23:55:00 -0000
X-Bugzilla-URL: http://bugs.ecos.sourceware.org/
X-SW-Source: 2016/txt/msg00107.txt.bz2

Please do not reply to this email, use the link below.

http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002195

            Bug ID: 1002195
           Summary: SYN Flood or FIN Flood attack results in web
                    Authentication Bypass
           Product: eCos
           Version: unknown
            Target: linux (Linux synthetic target)
Architecture/Host_ HostOS: Linux
                OS:
            Status: UNCONFIRMED
          Keywords: Chargeable
          Severity: critical
          Priority: high
         Component: Other
          Assignee: unassigned@bugs.ecos.sourceware.org
          Reporter: niteshvai67@gmail.com
        QA Contact: ecos-bugs@ecos.sourceware.org
                CC: ecos-bugs@ecos.sourceware.org

eCos Embedded Web Servers used by Multiple Routers and Home devices, while
sending SYN Flood or FIN Flood packets fails to validate and handle the packets
and does not ask for any sign of authentication resulting in Authentication
Bypass. An attacker can take complete advantage of this bug and take over the
device remotely or locally. The bug has been successfully tested and reproduced
in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.

-- 
You are receiving this mail because:
You are the assignee for the bug.

>>From ecos-bugs-return-11168-listarch-ecos-bugs=sources.redhat.com@sourceware.org Sun Oct 30 23:55:17 2016
From: bugzilla-daemon@ecoscentric.com
To: unassigned@bugs.ecos.sourceware.org
Subject: Your Bugzilla bug list needs attention.
X-Bugzilla-Type: whine
Date: Sun, 13 Nov 2016 23:55:00 -0000
X-Bugzilla-URL: http://bugs.ecos.sourceware.org/
Message-Id: <20161030235502.6EBDAA8A7C8@mail.ecoscentric.com>
X-SW-Source: 2016/txt/msg00109.txt.bz2

[This e-mail has been automatically generated.]

You have one or more bugs assigned to you in the Bugzilla bug tracking system
(http://bugs.ecos.sourceware.org/) that require attention.

All of these bugs are in the CONFIRMED state, and have not been touched in
7 days or more. You need to take a look at them, and decide on an initial
action.

Generally, this means one of three things:

(1) You decide this bug is really quick to deal with (like, it's INVALID),
    and so you get rid of it immediately.
(2) You decide the bug doesn't belong to you, and you reassign it to someone
    else. (Hint: if you don't know who to reassign it to, make sure that the
    Component field seems reasonable, and then use the "Reset Assignee to
    default" option.)
(3) You decide the bug belongs to you, but you can't solve it this moment.
    Accept the bug by setting the status to IN_PROGRESS.

To get a list of all CONFIRMED bugs, you can use this URL (bookmark it if
you like!):

http://bugs.ecos.sourceware.org/buglist.cgi?bug_status=CONFIRMED&assigned_to=unassigned@bugs.ecos.sourceware.org

Or, you can use the general query page, at
http://bugs.ecos.sourceware.org/query.cgi

Appended below are the individual URLs to get to all of your CONFIRMED bugs
that haven't been touched for 7 days or more.

You will get this message once a day until you've dealt with these bugs!

 STM32 USB driver unplugging/replugging issue
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001084
 Navigation of the documentation using PREV NEXT PARENT arrows broken
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001146
 help documentation tree does not correspond to viewed document
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001148
 documentation tree in navigation panel does not open at viewed document
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001149
 CAN loopback driver requires CYGPKG_DEVS_CAN_LOOP_CAN[01]
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001211
 eCos GNU tools 4.6.3
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001468
 Fix compiler warnings about mismatch between log() format string and argument values.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001510
 Array index out of bounds in tftp_server.c
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001522
 Cortex-M: Remote 'g' packet reply is too long
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001524
 BSD nc_test_slave chrashes
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001586
 [RFC] eCos FLASH startup from RedBoot
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001623
 Kinetis variant HAL patch: mostly cosmetic and descriptive improvements
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001783
 Kinetis DSPI, flash and platform HAL tidies
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001784
 Data not relocated to RAM during ROMINT startup
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001864
 Freescale ENET support fot little endian.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002114
 KSZ8081 Ethernet PHY driver.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002115
 Prepare Kinetis for Gen2 K
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002116
 Freescale UART - some macros for advanced serial buffers.
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002117
 outdated expectations in documentation
    -> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002126