[20194] in bugtraq
Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems
daemon@ATHENA.MIT.EDU (Joey Hess)
Fri Apr 13 05:42:28 2001
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010411190723.U30672@kitenet.net>
Date: Wed, 11 Apr 2001 19:07:24 -0700
Reply-To: Joey Hess <joey@KITENET.NET>
From: Joey Hess <joey@KITENET.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <JAELIHMNHFCGGEEDIHNDOELACAAA.gerrie@hit2000.org>; from
gerrie@HIT2000.ORG on Wed, Apr 11, 2001 at 03:31:05AM +0200
Here's one way to disable the backdoor: I used the EXPERT login to download
/active/ip.ini by ftp, removed all the apadd and rdadd lines, turned off
forwarding for good measure, and re-uploaded it. After resetting the device,
I can't ping it or connect to it on any port, and yet it still functions as
a DSL modem. I suppose this closes all the holes except DSLAM access.
--
see shy jo
