[11319] in bugtraq


Re: FlowPoint DSL router vulnerability

daemon@ATHENA.MIT.EDU (Scott Drassinower)
Mon Aug 9 21:05:26 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.10.9908071148450.25940-100000@earl-grey.cloud9.net>
Date:         Sat, 7 Aug 1999 12:07:05 -0400
Reply-To: Scott Drassinower <scottd@CLOUD9.NET>
From: Scott Drassinower <scottd@CLOUD9.NET>
X-To:         Matt <matt@USE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.NEB.4.10.9908051404070.27513-100000@cesium.clock.org>

It involves a bug that allows a password recovery feature to be utilized
from the LAN or WAN instead of just the serial console port.

Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
allow you to get access to the box to do whatever you want.  It appears as
if the problem started in 3.0.4, but I am not totally certain about that.

--
 Scott M. Drassinower					    scottd@cloud9.net
 Cloud 9 Consulting, Inc.			       	     White Plains, NY
 +1 914 696-4000					http://www.cloud9.net

On Thu, 5 Aug 1999, Matt wrote:

> The following URL contains information about a firmware upgrade for
> FlowPoint DSL routers that fixes a possible "security compromise".
> FlowPoint has chosen not to release ANY information whatsoever about the
> vulnerability. I was curious if anyone had any more information
> about this vulnerability than what FlowPoint is divulging.
>
> http://www.flowpoint.com/support/techbulletin/sec308.htm
>
> thnx
>
> --
> I'm not nice, I'm vicious--it's the secret of my charm.
>
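
The post above describes a recovery feature meant for the serial console that was reachable from the LAN or WAN and guarded only by a 6-digit number. The following is an added example, not part of the original post and not FlowPoint's code: it shows two controls that keep such a feature from being guessable over the network, an interface check and attempt lockout. The interface labels, thresholds, class and function names are assumptions.

```python
import hmac

CONSOLE = "serial-console"   # assumed interface label, not from the post
MAX_FAILURES = 5             # assumed lockout threshold
KEYSPACE = 10 ** 6           # six decimal digits, as described in the post


class RecoveryGuard:
    """Hypothetical gate in front of a 6-digit password-recovery code."""

    def __init__(self, code, now=0.0):
        self._code = code
        self._failures = 0
        self._locked_until = now

    def attempt(self, interface, guess, now):
        """Return 'ok', 'denied', 'locked' or 'wrong' for one recovery try."""
        # Recovery is a physical-presence feature: refuse it on LAN/WAN
        # before the guess is even examined.
        if interface != CONSOLE:
            return "denied"
        if now < self._locked_until:
            return "locked"
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(guess.encode(), self._code.encode()):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            # Exponential backoff: 60 s, 120 s, 240 s, ... per extra failure.
            delay = 60 * 2 ** (self._failures - MAX_FAILURES)
            self._locked_until = now + delay
        return "wrong"


def guess_success_probability(attempts):
    """Chance that `attempts` distinct guesses include a uniformly random code."""
    return min(attempts, KEYSPACE) / KEYSPACE


def replay_all_codes(guard, interface="wan"):
    """Constructed input: every 6-digit value submitted from one interface."""
    return {guard.attempt(interface, f"{n:06d}", now=float(n))
            for n in range(KEYSPACE)}
```

Without either control, the full keyspace is only one million values, so `guess_success_probability` reaches 1.0 once every value has been tried; with the lockout, five tries give 5 in 1,000,000 before the first delay.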
