[20226] in bugtraq
Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems
daemon@ATHENA.MIT.EDU (Mark (Mookie))
Mon Apr 16 13:44:44 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <200104161114.EAA27684@zang.com>
Date: Mon, 16 Apr 2001 04:14:05 -0700
Reply-To: "Mark (Mookie)" <mark@ZANG.COM>
From: "Mark (Mookie)" <mark@ZANG.COM>
X-To: tep@SDSC.EDU
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200104100733.AAA18729@lart> from "Tom Perrine" at Apr 10,
2001 12:33:22 AM
>Subject: multiple vulnerabilities in Alcatel ADSL-Ethernet bridge
>devices
>
>Researchers associated with the San Diego Supercomputer Center at the
>University of California, San Diego have identified multiple
>implementation flaws in the Alcatel Speed Touch ADSL "modem" (actually
>an ADSL-Ethernet router/bridge). These flaws can allow an intruder to
>take complete control of the device, including changing its
>configuration, uploading new firmware, and disrupting the
>communications between the telephone central office providing ADSL
>service and the device.

Weren't these issues actually discovered by Renaud Deraison in November 2000?
He added code to his Nessus program to check for the problems and didn't
consider it worth an advisory since the exploit depended on the IP 10.0.0.138
being spoofable, possible on some ISPs who do VPNs that way but generally
a lower risk than the full internet range.

You'd think the normal process of informing the manufacturer to provide a
window to have a patch available would be followed. Instead a few people
were told, then the press and then CERT. Sounds more like a PR stunt to me.

The value-add tools are useful but the manufacturer could have offered a
better fix than binary patching etc. Sounds like too much time was spent on a
nowhere issue.

Mark.
All your japboy are belong to us.