Linksys Wireless-G Router WRT54G contains a flaw that may allow a remote denial of service. The issue is triggered when issuing a HTTP POST request with a negative Content-Length value, which causes the httpd to stop responding resulting in a loss of availability.

Upgrade to firmware 4.20.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1014894
• Bugtraq ID: 14822
• Secunia Advisory ID: 16806
• Related OSVDB ID: 19387 19388 19389 19390
• CVE ID: 2005-2912 (see also: NVD)
• ISS X-Force ID: 22253
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0389.html
• Other Advisory URL: http://www.idefense.com/application/poi/display?id=308&type=vulnerabilities
• Vendor URL: http://www.linksys.com/

• Greg MacManus - iDefense Labs