[14481] in bugtraq
SilverBack Security Advisory: Nbase-Xyplex DoS
daemon@ATHENA.MIT.EDU (Mark McLaughlin)
Thu Apr 6 17:26:24 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NDBBIIKOJKJDMCDCPDPKAEMLCIAA.mmclaughlin@silverbacktech.com>
Date: Wed, 5 Apr 2000 17:42:29 -0400
Reply-To: Mark McLaughlin <mmclaughlin@SILVERBACKTECH.COM>
From: Mark McLaughlin <mmclaughlin@SILVERBACKTECH.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SilverBack Security Advisory
Copyright (c) 2000 SilverBack Technologies
April 5th, 2000
www.silverbacktech.com
Products affected:
Nbase-Xyplex EdgeBlaster MultiFunction WAN Access Router
Description:
SilverBack Technologies has discovered a Denial of Service attack
against Nbase-Xyplex EdgeBlaster router
http://www.nbase-xyplex.com/products/wan/brdg_routers/edgeblaster.cfm
The router tested will stop passing traffic when scanned for the
FormMail CGI vulnerability. The test was preformed from both linux,
and NT devices running NAI's CyberCop scanning software.
When the EdgeBlaster is scanned with CyberCop module 10017 the device
does not dump core or reboot. To access to the device after the scan
you must power cycle the router.
Resolution:
Nbase-Xyplex has been contacted and is currently tracking this support
call. Technical support explained that they recreated the problem in a
lab environment and have escalated the problem to engineering.
Mark McLaughlin, CISSP
Senior Security Engineer
SilverBack Technologies Inc
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5
iQA/AwUBOOuzRGMDobzT1rQCEQI0eACdEhEb0meowDu5kZUnieN1uAH/aS8AoLtQ
xYXl/tD4Svz+QWhkA/DoIRJj
=XfB7
-----END PGP SIGNATURE-----
