[20645] in bugtraq
Cable-Router AR220e Portmapper Security-Flaw
daemon@ATHENA.MIT.EDU (Axel Hammer)
Wed May 16 04:28:52 2001
Message-ID: <3AFF9F7A.2CED9E11@grafx-design.de>
Date: Mon, 14 May 2001 11:03:54 +0200
From: Axel Hammer <alpha01@grafx-design.de>
Reply-To: info@grafx-design.de
To: BUGTRAQ@securityfocus.com, ts1@alliedtelesyn.com

Device:
Allied Telesyn AT-AR220e, Firmware 1.08a RC14, combined DSL/Cable-Router, NAT,
Firewall, HTML-Config

This device is equipped with the function 'Virtual Server', which is a
portmapper WAN -> LAN.
The 'Virtual Server' functionality can be disabled completely, and each single
portmapping can be disabled individually, too.

Problem:
If a portmapping is set up, e.g.

Status; Global Port; Internal Port; Internal IP; Protocol
disabled; 80; 80; 192.168.0.1; TCP

AND the Virtual-Server feature is enabled, there is no check of the
enabled/disabled setting of the individual portmappings. They still remain
active.

Impact:
It is possible to gain access to mapped services, which may be left unsecured.

Solution:
Unused mappings should be deleted from the list of portmappings. If there are no
used mappings at all, the Virtual-Server feature should be disabled.

Vendor-Status:
Informed on 2001-14-05

Regards, Axel
P.S.: first posting ;-)
--
de:
GRAFX & DESIGN
marketing
Michael-Imhof-Str. 17
86609 Donauwörth
Tel.: +49 (0)906-705706-11
Fax: +49 (0)906-705705-12
Mobile: +49 (0)171-9321435
info@grafx-design.de
http://www.grafx-design.de
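
Added example, not part of the original posting and not the vendor's firmware code: a small Python model of the forwarding decision described under "Problem", next to the expected behaviour, plus an audit helper that lists the "disabled" mappings to delete as the "Solution" advises. The table rows are constructed in the advisory's column layout; all function names and the honour_status parameter are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample rows in the advisory's column layout:
# Status; Global Port; Internal Port; Internal IP; Protocol
SAMPLE_TABLE = """\
disabled; 80; 80; 192.168.0.1; TCP
enabled; 2222; 22; 192.168.0.5; TCP
disabled; 53; 53; 192.168.0.9; UDP
"""

@dataclass(frozen=True)
class Mapping:
    enabled: bool
    global_port: int
    internal_port: int
    internal_ip: str
    protocol: str

def parse_mappings(text):
    """Parse semicolon-separated rows into Mapping objects."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, gport, iport, ip, proto = (f.strip() for f in line.split(";"))
        rows.append(Mapping(status.lower() == "enabled",
                            int(gport), int(iport), ip, proto.upper()))
    return rows

def lookup(mappings, vs_enabled, port, proto, honour_status):
    """Return (ip, port) a WAN packet is forwarded to, or None if dropped.

    honour_status=False models the reported behaviour: only the global
    Virtual Server switch is consulted. honour_status=True models the
    expected behaviour, where a disabled row never matches.
    """
    if not vs_enabled:
        return None
    for m in mappings:
        if m.global_port == port and m.protocol == proto.upper():
            if honour_status and not m.enabled:
                continue
            return (m.internal_ip, m.internal_port)
    return None

def exposed_disabled(mappings, vs_enabled):
    """Rows marked disabled that still forward under the reported behaviour."""
    return [m for m in mappings if not m.enabled and
            lookup(mappings, vs_enabled, m.global_port, m.protocol, False)]
```

Every row returned by exposed_disabled() is a candidate for deletion from the mapping list; with the Virtual Server feature switched off the list is empty.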