[20220] in bugtraq
Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems
daemon@ATHENA.MIT.EDU (Tom Perrine)
Mon Apr 16 04:12:09 2001
Message-ID: <200104131732.KAA07139@lart>
Date: Fri, 13 Apr 2001 10:32:10 -0700
Reply-To: Tom Perrine <tep@SDSC.EDU>
From: Tom Perrine <tep@SDSC.EDU>
X-To: joey@KITENET.NET
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010411190723.U30672@kitenet.net> (message from Joey Hess on
Wed, 11 Apr 2001 19:07:24 -0700)
>>>>> On Wed, 11 Apr 2001 19:07:24 -0700, Joey Hess <joey@KITENET.NET> said:
Joey> Here's one way to disable the backdoor: I used the EXPERT login to download
Joey> /active/ip.ini by ftp, removed all the apadd and rdadd lines, turned off
Joey> forwarding for good measure, and re-uploaded it. After resetting the device,
Joey> I can't ping it or connect to it on any port, and yet it still functions as
Joey> a DSL modem. I suppose this closes all the holes except DSLAM access.
Joey> --
Joey> see shy jo
Additionally you can check http://security.sdsc.edu/self-help/alcatel
for tools to crack the binary, and infomration to patch the binary to
remove all the "bad" features.
--tep
--
Tom E. Perrine (tep@SDSC.EDU) | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/ | Voice: +1.858.534.5000
"Libertarianism is what your mom taught you: 'Behave yourself
and don't hit your sister."' - Kenneth Bisson of Angola, Ind.
