maZZoo maZZoo's blog
very low frequency tech postings  -   03 01 2007
    home
    blog
    feed
    eyes
    info

    code [12]
    dect [4]
    hard [8]
    meta [5]
    security [5]

jul 2009 (1)
jun 2009 (1)
jan 2009 (2)
dec 2008 (1)
oct 2008 (1)
jan 2008 (1)
oct 2007 (1)
jun 2007 (1)
feb 2007 (3)
jan 2007 (3)
nov 2006 (2)
aug 2006 (2)
jul 2006 (1)
may 2006 (1)
nov 2005 (2)
oct 2005 (1)
apr 2005 (2)
mar 2005 (2)
feb 2005 (1)
jan 2005 (1)
may 2004 (1)
jan 2004 (1)
apr 2003 (1)
jan 2003 (1)

Wed, 03 Jan 2007

don't update your Fritz! box 7050

actually I had preferred to title this blog post "update your Fritz! box now"...
The story:
about a year ago in Jan 2006 I had discovered a very simple DoS against the telephone application in my Fritz! box 7050. It is triggered by a single UDP packet and works from the internal LAN, as well as from the internet. For the less technichally inclined reader: UDP means the packet can be even spoofed, which leaves the victim blind about who the attacker was...
The effect is that outgoing phonecalls won't work anymore.
I kept updating my Fritz! box with various firmware releases from AVM, but the bug wasn't fixed. So on July 21st 2006 I contacted AVM about the bug, and they stated were able to reproduce and fix the bug within the same day (hey, and they did that on a friday afternoon!).
I tried to be kind and told them I wanted a fix within two month, and that I will not disclose the bug within that timeframe. AVM was even kinder and sent me a T-Shirt plus some more HW bakshish (including that same vulnerability :), and the promise that the bug will be fixed with the 2nd-next firmware-release, as the subsequent release was in the next week, and it was too late to include the fix...
Then there simply were no more firmware updates for monthes. Now on December 13th 2006 a new firmware version 14.04.25 was released. I tested it this morning, but guess what? 14.04.25 is still vulnerable.

So I contacted AVM again, this time with a strict time constraint of 14 days, after that I will disclose what that UDP packet looks like.

BTW: I didn't look at the details, but it "feels" as if this bug doesn't lead to remote execution.
Read more on Jan 17th here...

posted in /security  |  link  |  comments [0]   


validate HTML