[20243] in bugtraq
Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems
daemon@ATHENA.MIT.EDU (Renaud Deraison)
Tue Apr 17 02:25:47 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <20010416224048.A3243@cvs.nessus.org>
Date: Mon, 16 Apr 2001 22:40:48 +0200
Reply-To: Renaud Deraison <deraison@CVS.NESSUS.ORG>
From: Renaud Deraison <deraison@CVS.NESSUS.ORG>
X-To: "Mark (Mookie)" <mark@ZANG.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200104161114.EAA27684@zang.com>; from mark@ZANG.COM on Mon,
Apr 16, 2001 at 04:14:05AM -0700
On Mon, Apr 16, 2001 at 04:14:05AM -0700, Mark (Mookie) wrote:
> >Researchers associated with the San Diego Supercomputer Center at the
> >University of California, San Diego have identified multiple
> >implementation flaws in the Alcatel Speed Touch ADSL "modem" (actually
> >an ADSL-Ethernet router/bridge). These flaws can allow an intruder to
> >take complete control of the device, including changing its
> >configuration, uploading new firmware, and disrupting the
> >communications between the telephone central office providing ADSL
> >service and the device.
>
> Weren't these issues actually discovered by Renaud Deraison in November 2000?
To make a long story short : "no". I just noted that these modems
are installed passwordless (talk about a "discovery"), whereas
this advisory comes with a lot of new other interesting stuff.
These are brand new flaws, and they even possibly imply brand new Nessus
scripts for them ;)
-- Renaud
--
Renaud Deraison
The Nessus Project
http://www.nessus.org
