[11361] in bugtraq
Re: FlowPoint DSL router vulnerability
daemon@ATHENA.MIT.EDU (shusaku)
Fri Aug 13 06:14:36 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <199908110615.XAA01616@emerald.oz.net>
Date: Tue, 10 Aug 1999 23:18:37 -0700
Reply-To: shusaku <shusaku@OZ.NET>
From: shusaku <shusaku@OZ.NET>
X-To: BUGTRAQ@netspace.org
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <4.2.0.58.19990810071800.00ae1a00@popserver.panix.com>
solution to this 'vulnerability'?
...first
addTelnetFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL
...then
addSMTPFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL
->where ...1 is the starting IP of your LAN
->and ...L is the LAST address locally - no public access?
At 07:19 AM 8/10/99 -0400, you wrote:
>At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
>>It involves a bug that allows a password recovery feature to be utilized
>>from the LAN or WAN instead of just the serial console port.
>>
>>Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
>>allow you to get access to the box to do whatever you want. It appears as
>>if the problem started in 3.0.4, but I am not totally certain about that.
>
>So the vulnerability is essentially a brute force against telnet/snmp?
>Assuming you filter those out, is there another way of accessing?
>
>>--
>> Scott M. Drassinower
scottd@cloud9.net
>> Cloud 9 Consulting, Inc. White
Plains, NY
>> +1 914 696-4000
http://www.cloud9.net
>>
>>On Thu, 5 Aug 1999, Matt wrote:
>>
>> > The following URL contains information about a firmware upgrade for
>> > FlowPoint DSL routers that fixes a possible "security compromise".
>> > FlowPoint has chosen not to release ANY information whatsoever about the
>> > vulnerability. I was curious if anyone had any more information
>> > about this vulnerability than what FlowPoint is divulging.
>> >
>> > http://www.flowpoint.com/support/techbulletin/sec308.htm
>> >
>> > thnx
>> >
>> > --
>> > I'm not nice, I'm vicious--it's the secret of my charm.
>> >
>
>--
>PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt
>
