[48] in Best-of-Security
BoS: Re: (ASCEND) ** >= Ascend 5.0A SECURITY ALERT **
daemon@ATHENA.MIT.EDU (Kevin Smith)
Thu Feb 27 07:31:49 1997
Date: Wed, 26 Feb 1997 18:50:16 -0800
Reply-To: Kevin Smith <kevin@ASCEND.COM>
From: Kevin Smith <kevin@ASCEND.COM>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
This issue has been assigned immediately to high-priority problem report for
tracking - engineering are currently working on a fix and formulating advise
for a short-term workaround (filters).
>TR#1921 - Max4000 (ti) resets - FE1 - 5.0Ap1(telnetting to port 150)
>SW Version: 5.0Ap1
>Status: Open Assign: Engineering Priority: High
>---------------------------------------------------------------------------
-------------------
>
>o Hardware/Software
>Max4000 running 5.0Ap1 (ti.m40)
>
>o Problem description
>Customer is telnetting to port 150 on Max4000.
>He gets a login prompt and enters a valid user name/password.
>He gets access to terminal server.
>By entering some commanda, he can cause the Max to reset with an FE1.
>From earlier:
>FYI, port 150 is not undocumented. It is described in the 5.0a release
>notes on page 59 of the Max/T1 manual and page 62 of the Max/E1 manual.
>
>It was also introduced months ago in an incremental release. I'm sure our
>support engineers are working on the bug you reported and will soon have a
>fix.
>
>
>Matt Holdrege - http://www.ascend.com - mholdrege@ascend.com
At 03:18 PM 2/26/97 -0800, Kit Knox wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>** IMPORTANT - PLEASE READ *********************************************
>
>There exists a new feature in the 5.0A series of releases for the MAX which
>allow a user to reboot your Ascend MAX at will. This is done via an
>undocumented login entry point that has been introduced without notice to
>the public by Ascend.
>
>Users can telnet to a max on port 150 and the Max will act as though the
>call came in via a T1 etc. Using this and another bug a user can cause the
>max to reboot. The exact sequence to cause the reboot has been reported to
>Ascend and I am waiting for an official response. After a fix has been made
>available I will immediatly release the details. In the meantime it is
>HIGHLY reccomended that you filter access for incoming tcp to port 150.
>
>If you are not running 5.0A or above please report back to the list if your
>max accepts a telnet to port 150 so we can figure out which release this
>"feature" was introduced silently.
>
>The Max's seem to now also answer on port 1723. Anyone know what this is
>used for?
>
>This whole thing smells of the non-zero length tcp offsets bug from awhile
>back. Sigh.
>
>************************************************************************
>
>=========================================================================
>Kit Knox - <kit@connectnet.com> - System Administrator - Finger for Key
>CONNECTnet INS, Inc. - 6370 Lusk Blvd Ste F#208 - San Diego, CA 92121
>(619) 638-2020 - (619) 638-2024 Voicemail/Pager - (619) 450-3216 FAX
>Key fingerprint = 6F E3 79 52 10 6B AB 08 FF 4D 11 51 2A A6 26 2B
>=========================================================================
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMxTEmgQB0nvJDyi5AQHTDgP/eOhWj8HXx+kcw2rCgilA17OOGPbz4Rwo
>/ijMMkLvGSGr/a72ZI6+h9/zfSUpFe+sjg9pqVxsestDX7hDQYgyykK+OmCXrPQc
>6oyhmu04XADOXRAyeGA78rImnMOSOYLB/wVEL9j43JXnxVNFqjqZ78jASFLZmx9X
>bYS8amtxLGE=
>=gVlV
>-----END PGP SIGNATURE-----
>
>++ Ascend Users Mailing List ++
>To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
>or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
>
Kevin Smith Updated Service and Support
Senior Technical Support Engineer Resources are now at:
Customer Satisfaction
Ascend Communications http://www.ascend.com/service
