[11343] in bugtraq


Re: FlowPoint DSL router vulnerability

daemon@ATHENA.MIT.EDU (Eric Budke)
Wed Aug 11 01:13:54 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id:  <4.2.0.58.19990810071800.00ae1a00@popserver.panix.com>
Date:         Tue, 10 Aug 1999 07:19:33 -0400
Reply-To: Eric Budke <budke@BUDKE.COM>
From: Eric Budke <budke@BUDKE.COM>
X-To:         Scott Drassinower <scottd@CLOUD9.NET>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSF.4.10.9908071148450.25940-100000@earl-grey.cloud9.net>

At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
>It involves a bug that allows a password recovery feature to be utilized
>from the LAN or WAN instead of just the serial console port.
>
>Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
>allow you to get access to the box to do whatever you want.  It appears as
>if the problem started in 3.0.4, but I am not totally certain about that.

So the vulnerability is essentially a brute force against telnet/snmp?
Assuming you filter those out, is there another way of accessing?

>--
>  Scott M. Drassinower                                       scottd@cloud9.net
>  Cloud 9 Consulting, Inc.                                    White Plains, NY
>  +1 914 696-4000                                        http://www.cloud9.net
>
>On Thu, 5 Aug 1999, Matt wrote:
>
> > The following URL contains information about a firmware upgrade for
> > FlowPoint DSL routers that fixes a possible "security compromise".
> > FlowPoint has chosen not to release ANY information whatsoever about the
> > vulnerability. I was curious if anyone had any more information
> > about this vulnerability than what FlowPoint is divulging.
> >
> > http://www.flowpoint.com/support/techbulletin/sec308.htm
> >
> > thnx
> >
> > --
> > I'm not nice, I'm vicious--it's the secret of my charm.
> >

--
PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt
