[22890] in bugtraq


multiple looking-glasses input vulnerability

daemon@ATHENA.MIT.EDU (barabas@lokmail.net)
Thu Oct 18 11:55:10 2001

Message-Id: <200110180737.DAA01881@mail.lokmail.net>
From: barabas@lokmail.net
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1874.1003390674.1@mail.lokmail.net>
Date: Thu, 18 Oct 2001 03:37:55 -0400

Hi,

There is a flaw in many looking-glasses (most of them based on the 
nitrous-digex one) which allows attackers to gather information about 
the network which is not intentionally provided through looking-glass 
functionality:

It seems that the looking-glass (which is usually written in Perl) 
doesn't check the input properly for the validity of the input address.


example:

When clicking bgp, to check an address in the bgp table, the attacker 
can enter, instead of an IP address, the word "nei" (or neighbours) 
and all bgp neighbours will be fully visible. In fact, any valid argument 
in Cisco IOS following sh ip bgp can be entered.
Another example: <sh ip bgp> paths gives the full path table. This 
puts some strain on routers and could be used to DoS the router if 
no proper access security is provided.
Various other things can be done.

workaround: check for a "." in the input. This shouldn't be too hard 
to implement in the script :-)

Haven't checked for traversal possibilities yet ;-)


Barabas
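
The input check discussed in the post above, as an added example that is not part of the original message or of any looking-glass's own code. It goes beyond a bare "." test and accepts only a complete IPv4 address or prefix; the helper name valid_bgp_target and the sample inputs are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return a canonical IPv4 address (optionally with a
# /prefix length) if $input is exactly that, otherwise undef. Only the
# returned value is ever placed after "sh ip bgp".
sub valid_bgp_target {
    my ($input) = @_;
    return unless defined $input;

    # \A and \z anchor the whole string ($ alone would allow a trailing
    # newline). [0-9] is used instead of \d so only ASCII digits match.
    return unless $input =~
        m{\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(?:/([0-9]{1,2}))?\z};

    my @octets = ($1, $2, $3, $4);
    my $len    = $5;

    return if grep { $_ > 255 } @octets;
    return if defined $len && $len > 32;

    # Rebuild from the parsed numbers so the result can contain nothing
    # but digits, dots and one optional slash.
    my $addr = join '.', map { $_ + 0 } @octets;
    return defined $len ? "$addr/" . ($len + 0) : $addr;
}

# Constructed sample inputs: the two keywords from the post plus edge
# cases that contain a "." but are still not a plain address.
my @samples = ('192.0.2.1', '198.51.100.0/24', 'nei', 'paths',
               '192.0.2.1 paths', '999.1.1.1', "192.0.2.1\n", '1.2.3', '.');

for my $in (@samples) {
    my $ok = valid_bgp_target($in);
    (my $shown = $in) =~ s/\n/\\n/g;    # make the newline visible in output
    printf "%-20s %s\n", "'$shown'",
        defined $ok ? "accept -> sh ip bgp $ok" : "reject";
}
```

Only the first two samples are accepted; everything else, including keyword input and an address followed by extra words, is rejected before any command reaches the router.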









