[7647] in bugtraq
Re: Compaq/Microcom 6000 DoS + more
daemon@ATHENA.MIT.EDU (Alec Kosky)
Wed Aug 12 22:53:34 1998
Date: Wed, 12 Aug 1998 16:22:35 -0700
Reply-To: alec@dakotacom.net
From: Alec Kosky <alec@DAKOTACOM.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <01BD8EFC.379275D0.support@microcom.com>
Oops - that last letter was supposed to be from me (alec@dakotacom.net), and
NOT Microcom Support - sorry for the confusion (gotta make a few modifications
to this email prog ;)
On 03-Jun-98 Microcom Support wrote:
> Enclosed is a message that I sent to Compaq/Microcom's technical support
> about their Microcom 6000 access integrators. There is a DoS as well as a
> brute-force password attack on these systems. I received a canned reply from
> their technical team, but have yet to hear anything else from them, and this
> was early June. I spoke with their technical support on the phone, and the
> answer to this problem is to turn off telnet access. That's it - there was a
> message in their call reference that there is no plans to upgrade or modify
> the pShell (pSOS). Just thought that people should know that Compaq/Microcom
> do not seem to care about security, nor do they seem to care that security
> is an issue for their customers. And I am assuming that since the 6000 Acess
> Integrator is their flagship model, these problems are present in all Acess
> Integrator models
> BTW: The OS versions that I reported in my letter to Microcom are
> incorrect. I was reading the wrong information - the correct version is
> 4.0.13, and the latest version of the software is 4.0.15 (and 5.0 is in
> beta, according to the technician). There are no security changes from
> 4.0.13 to 4.0.15, AFAIK.
>
> -----FW: <01BD8EFC.379275D0.support@microcom.com>-----
>
> Date: Wed, 3 Jun 1998 14:30:54 +0100
> From: Microcom Support <support@microcom.com>
> To: "alec@dakotacom.net" <alec@dakotacom.net>
> Subject: FW: Support Query
>
> Additional:
>
> If you wish to contact us with regard to this matter please quote Call
> Ref#: 305752. The best people to talk to about this would be at :
>
> Microcom Inc.
> 500 River Ridge Drive,
> Norwood.
> MA 02062
>
> Hardware : Tel +1 (781) 551-1313
> Carbon Copy : Tel +1 (781) 551-1414
> Fax : +1 (781) 551-1898
> BBS : +1 (781) 551-4750
> ______________________
>
> Thank you for bringing this matter to our attention. I have forwarded this
> eMail to our central site products technical team who will address the
> situation. We will contact you again in due course.
>
> Best regards,
>
> Microcom : Compaq Access Solutions Division.
>
> Online Support - support@microcom.com
> WWW - www.microcom.com
> FTP - ftp.microcom.com
>
> PLEASE INCLUDE THIS EMAIL IN ALL FUTURE COMMUNICATIONS ON THIS SUBJECT
>
> -----Original Message-----
> From: alec@dakotacom.net [SMTP:alec@dakotacom.net]
> Sent: Wednesday, June 03, 1998 8:58 AM
> To: support@microcom.com
> Subject: Support Query
>
> On Wednesday, June 3, 1998 at 03:58:02, the following data was submitted
> from http://www.microcom.com/support/feedback/index.html
>
> First Name Alec
> Middle Initial A
> Last Name Kosky
> Company Dakota Communications
> Title System Admin/Programmer
> Country United States
> Email alec@dakotacom.net
> User Type End User
> Product CM6K-Series
> Other Product
> Software or Firmware Version pSOS
> Operating System
> Platform used
> Query This set of comments/questions is directed to
> the security guys. We currently use a Microcom 6100 Access Integrator, and
> I believe the firmware/OS is subject to a possible denial of service
> attack, as well as a possible brute force attempt to guess the password. I
> believe the OS on the system is pSOS 6.02 for the MNC card and 6.01 for the
> PRI card.
> The denial of service problem is this: there is no timeout when typing
> in the username and password - from what I have seen, a user can make a
> telnet connection to the MNC or PRI card and leave the connection open
> indefinitely. If the user only has one connection open, then this is not
> problem. However, the system will not accept more than 4 telnet connections
> at one time. Thus, a malicious user/hacker could open 4 telnet connections
> to either (or both cards) and deny all legitimate connections to the card.
> The other problem is that the system does not close the connection after
> a specified number of invalid login attempts. A program such as 'crack'
> could be modified to work over a network and attempt to guess the
> administrator's password.
> Neither of these are acceptable on any system, let alone a company's
> flagship model. First, I would like to know if there is a firmware/OS
> update (upgrade?) available to fix these problems, and second, if there is
> no upgrade available, will one be available soon?
>
> --------------End of forwarded message-------------------------
>
> --Alec--
--Alec--
