COMMAND

    Cayman 3220-H DSL

SYSTEMS AFFECTED

    Cayman 3220-H DSL Router

PROBLEM

    'cassius' posted the following.  A simple DoS attack against the
    Cayman 3220-H DSL Router.  Large username or password strings sent
    to the Cayman HTTP admin interface restart the router.  The router
    log will show "restart not in response to admin command".

    This was tested on:

        - Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub
        - GatorSurf version 5.3.0 (build R1)
        - GatorSurf version 5.3.0 (build R2)
        - GatorSurf version 5.5.0 (build R0)  <most recent version>

    As for the exploit, open the URL for the router admin interface in
    your browser:

        Username: ...................(x79 or more)

    After the router restarts (10 seconds) hit refresh on your browser
    if you want to down it again.  If you want to be lame you could
    code this to keep a router down all day long.

SOLUTION

    Cayman has released a new software image (version 5.5.0 build  r1)
    to  fix  the  DoS  attack  reported  above.   You  can get the new
    software image here:

        ftp://www.cayman.com/pub/gatorsurf/3220/c8a550R1.COS
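
    The log message quoted under PROBLEM gives defenders something to
    alert on.  The Python below is an added example, not part of the
    original advisory or of Cayman's software: it flags routers that
    log repeated unexpected restarts within a short window.  The
    line layout, host names, threshold and window are assumptions, and
    the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Log message text quoted in the advisory.
MARKER = "restart not in response to admin command"
# Assumed line layout: "<ISO-8601 timestamp> <host> <message>".
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

# Constructed sample log lines (not captured from a real device).
SAMPLE = [
    "2024-01-01T10:00:05 dsl-gw-1 restart not in response to admin command",
    "2024-01-01T10:00:40 dsl-gw-1 restart not in response to admin command",
    "2024-01-01T10:01:15 dsl-gw-1 restart not in response to admin command",
    "2024-01-01T10:02:00 dsl-gw-1 admin login accepted",
    "2024-01-01T11:30:00 dsl-gw-2 restart not in response to admin command",
    "truncated line",
]

def unexpected_restarts(lines):
    """Return {host: [datetime, ...]} for every line carrying MARKER."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or MARKER not in m.group(3).lower():
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # skip lines whose timestamp does not parse
        hits.setdefault(m.group(2), []).append(ts)
    return hits

def restart_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {host: peak count} for hosts reaching threshold in one window."""
    flagged = {}
    for host, stamps in unexpected_restarts(lines).items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it spans <= window.
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[host] = max(flagged.get(host, 0), count)
    return flagged

if __name__ == "__main__":
    for host, count in restart_bursts(SAMPLE).items():
        print(f"{host}: {count} unexpected restarts within 5 minutes")
```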