[8702] in bugtraq
Re: Lousy password handling in BreezeCOM
daemon@ATHENA.MIT.EDU (Thilo Hille)
Sun Dec 13 20:26:21 1998
Date: Thu, 10 Dec 1998 20:21:43 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Thilo Hille <hille@DARKGATE.EQUINOXE.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.02.9812101440180.25818-100000@plutten.hl.lu.se>
as far as i know its possible to set installerrights via snmp.
there is also a kind of DOS in the way of updating the firmware.
the tftpserver requires no authorization to upload the firmware and reset.
so someone could easily upload any file.
after that you have to send the affected device to breezecom to
get a new firmware cause the tftpserver is part of the firmware....
the only protection is to set up no ip-configuration.
Thilo Hille
Equinoxe Internet Galerie
Adlerstr.7
79098 Freiburg
Fon : 0761-382263
Fax : 0761-382265
email : hille@equinoxe.de
***** www.equinoxe.de *******
