[33812] in bugtraq
Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" -
daemon@ATHENA.MIT.EDU (Thomas M. Payerle)
Wed Feb 18 16:50:09 2004
Date: Tue, 17 Feb 2004 16:50:15 -0500 (EST)
From: "Thomas M. Payerle" <payerle@physics.umd.edu>
To: thiago.vazquez@light.com.br
Cc: bugtraq@securityfocus.com
In-Reply-To: <OF655033A0.B934768B-ON03256E3D.00631297-03256E3D.00657440@lightrio.com.br>
Message-ID: <Pine.OSF.4.44.0402171648190.14287-100000@oppie.physics.umd.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 17 Feb 2004 thiago.vazquez@light.com.br wrote:
> We have many products from APC and we've tested that vulnerability in some
> of them and ..... following are the results.
Confirmed on a Symmetra UPS with AP9606 running AOS v3.1.1, Symeetra Power
Array APP v3.1.0
As with any vendor backdoor, I would suspect that it is present on a wide
range of software versions and just about anything with an AP9606 is vulnerable.
Tom Payerle
Dept of Physics payerle@physics.umd.edu
University of Maryland (301) 405-6973
College Park, MD 20742-4111 Fax: (301) 314-9525
