[33846] in bugtraq

Re: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet

daemon@ATHENA.MIT.EDU (Keith Clifton)
Thu Feb 19 17:08:21 2004

Date: Thu, 19 Feb 2004 16:32:17 -0500 (EST)
From: Keith Clifton <clifton@zoomnet.net>
To: David Monosov <david.monosov@futureinquestion.net>
Cc: bugtraq@securityfocus.com
In-Reply-To: <200402191514.i1JFENrD028227@sojef.skynet.be>
Message-ID: <Pine.LNX.4.21.0402191631260.24847-100000@clifton.zoomnet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

I've noticed this for FTP as well.

The new firmware for the AP9211s seems to fix this issue.

-- Keith

On Thu, 19 Feb 2004, David Monosov wrote:

> To your attention: This comes from limited experience with one version of
> the 9606 firmware (v3.0.3) on MasterSwitch 9xxx series, tested across many
> of the devices:
> 
> Although provided an option to disable telnet administratively via the Web
> interface as well as the Telnet interface itself - telnet does *NOT*
> actually get disabled.
> 
> It disables itself for a matter of approx +/- 20 seconds, and comes back as
> if nothing ever happened. Repeating attempts to disable telnet access are
> futile. The only effective method of preventing possible exploitation seems
> to be filtering port 23 on the network level. This seems to be another
> firmware issue.
> 
> Please check your APCs using 9606, your sense of security from disabling
> telnet might be false :(
> 
> ---
> David 'wEEkAY' Monosov
> david dot monosov at futureinquestion dot net
> 
> 
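Added example, not part of the original posts: a check that a disabled service stays disabled, made by probing the port repeatedly over a window longer than the roughly 20 seconds described above rather than once. The host address, function names, and the window and interval values are assumptions for illustration; FTP is included because the reply reports the same behaviour there.

```python
import socket
import sys
import time

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def watch_port(host, port, duration=120, interval=5, probe=tcp_open,
               clock=time.monotonic, sleep=time.sleep):
    """Probe host:port every `interval` s for `duration` s.
    Returns [(seconds_since_start, is_open), ...]."""
    start, samples = clock(), []
    while (elapsed := clock() - start) <= duration:
        samples.append((round(elapsed), probe(host, port)))
        sleep(interval)
    return samples

def verdict(samples):
    """Classify samples collected right after the service was disabled."""
    states = [is_open for _, is_open in samples]
    if not any(states):
        return "stayed closed"
    if all(states):
        return "never closed"
    first_closed = states.index(False)
    for t, is_open in samples[first_closed:]:
        if is_open:  # closed at some point, then reachable again
            return f"re-enabled after ~{t}s"
    return "closed late"  # took a moment to shut, then stayed shut

if __name__ == "__main__":
    # Usage (hypothetical address): python3 watch.py 192.0.2.10
    # Run immediately after disabling Telnet/FTP on the device.
    host = sys.argv[1]
    for name, port in (("telnet", 23), ("ftp", 21)):
        print(f"{name}/{port}: {verdict(watch_port(host, port))}")
```

Any result other than "stayed closed" means the administrative setting cannot be relied on and the port should be filtered at the network level, as the original post recommends.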
