[18779] in bugtraq
Re: Make The Netopia R9100 Router To Crash
daemon@ATHENA.MIT.EDU (Rob Tashjian)
Wed Jan 24 11:47:06 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <003501c0861c$4c4d1420$fd30b0a3@netopia.com>
Date: Wed, 24 Jan 2001 07:42:45 -0800
Reply-To: Rob Tashjian <rwt@NETOPIA.COM>
From: Rob Tashjian <rwt@NETOPIA.COM>
X-To: nyc1660@FREESURF.FR
To: BUGTRAQ@SECURITYFOCUS.COM
Well, had you bothered to contact Netopia first, (what!, you didn't!
shame on you!), you would have found that the problem has been
resolved for some time now. The version of firmware against which
you are reporting this problem (4.6) is close to a year old. The
current version of firmware is 4.8.2, or two feature releases and a
number of bug fixes removed. Please upgrade to 4.8.2.
In the future, you should report security problems to
security@netopia.com
or call Netopia Tech Support and have the problem logged so that
it can either be fixed, or as in this case, you can be directed to
upgrade your firmware.
rwt
ps. Whose router do you have passwords to anyhow:^? And why
are you trying to delete the logs:^?
---
Robert Tashjian
rwt@netopia.com
----- Original Message -----
From: "Julien Henry" <nyc1660@FREESURF.FR>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Tuesday, January 23, 2001 1:59 PM
Subject: Make The Netopia R9100 Router To Crash
> This post will be short because it does not need a lot
> of explanation. This is in a really specific case.
>
> If you have the password of the router and if you are
> logged to it you will not be able to delete all the traces.
> The router logs the connection and the disconnection
> of telnet sessions. If you want to delete the
> connection from the logs you just have to delete
> them. But if you want to delete the disconnection log
> you can't.
>
> The only way to do that is to make it crash. Just use
> the telnet program which is inside the router. Try to
> make a connection from the IP of the router to the IP
> of the router. It will crash it, as a consequence, you
> will NOT be logged ! In the log you only see things like
> that :
>
> 01/24/01 01:01:15 --BOOT: Warm start v4.6 ----
> 01/24/01 01:01:10 * EXCEPTION: A6: 12F6890, A7:
> 12F67DC
> 01/24/01 01:01:10 * EXCEPTION: A4: 0, A5: 124B474
> 01/24/01 01:01:10 * EXCEPTION: A2: 125F9AC, A3: 0
> 01/24/01 01:01:10 * EXCEPTION: A0: 125F9D8, A1: 0
> 01/24/01 01:01:10 * EXCEPTION: D6: 0, D7:
> C1FB0028
> 01/24/01 01:01:10 * EXCEPTION: D4: 0, D5: 0
> 01/24/01 01:01:10 * EXCEPTION: D2: 0, D3: 0
> 01/24/01 01:01:10 * EXCEPTION: D0: 0, D1: 6
> 01/24/01 01:01:10 * EXCEPTION: BERR SF
> SP+$10: 10845AE, SP+$14: E0045
> 01/24/01 01:01:10 * EXCEPTION: BERR SF
> SP+$08: 83A, SP+$0C: FFFFF9AC
> 01/24/01 01:01:10 * EXCEPTION: PC: 10845AE, SR:
> 2004, F/V: C008
>
>
