[12613] in bugtraq
NEUROCOM: Nashuatec D445/435 vulnerabilities updated
daemon@ATHENA.MIT.EDU (gregory duchemin)
Wed Nov 17 12:14:06 1999
Message-Id: <19991116182721.9004.qmail@securityfocus.com>
Date: Tue, 16 Nov 1999 18:27:21 -0000
Reply-To: gregory duchemin <veille@NEUROCOM.COM>
From: gregory duchemin <veille@NEUROCOM.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
my last message concerning three commons vulnerabilities on Nashuatec printers model D445 is also available for the D435 series.
These two models of printers are vulnerables to:
1- ftp bounce attack
2- adm web server cgi buffer overflow ( eg: reset )
3- (icmp redirect storm) denial of service attack
now a little update (about the two series):
4- By default, a "guest" account (password guest) allow everybody to authenticate himself to the telnet service. That's not exactly what we should call a security hole since everybody can connect to the web server with exactly the same priviledge and without any needed authentication.
5- the telnetd daemon no longer listen on its port after only one syn stealth scan (try nmap "-sS" option).This behavior suggest that this version of telnetd is unable to manage simultaneous connection requests resulting in a possible denial of service attack.
Have a nice day
******************
Gregory Duchemin
Security & networks Engineer
Email: veille@securite-internet.com
http://www.securite-internet.com
