Bugtraq mailing list archives
Re: (ASCEND) ** >= Ascend 5.0A SECURITY ALERT **
From: kevin () ASCEND COM (Kevin Smith)
Date: Wed, 26 Feb 1997 18:50:16 -0800
This issue has been assigned immediately to high-priority problem report for tracking - engineering are currently working on a fix and formulating advise for a short-term workaround (filters).
TR#1921 - Max4000 (ti) resets - FE1 - 5.0Ap1(telnetting to port 150) SW Version: 5.0Ap1 Status: Open Assign: Engineering Priority: High ---------------------------------------------------------------------------
-------------------
o Hardware/Software Max4000 running 5.0Ap1 (ti.m40) o Problem description Customer is telnetting to port 150 on Max4000. He gets a login prompt and enters a valid user name/password. He gets access to terminal server. By entering some commanda, he can cause the Max to reset with an FE1.
From earlier:
FYI, port 150 is not undocumented. It is described in the 5.0a release notes on page 59 of the Max/T1 manual and page 62 of the Max/E1 manual. It was also introduced months ago in an incremental release. I'm sure our support engineers are working on the bug you reported and will soon have a fix. Matt Holdrege - http://www.ascend.com - mholdrege () ascend com
At 03:18 PM 2/26/97 -0800, Kit Knox wrote:
-----BEGIN PGP SIGNED MESSAGE----- ** IMPORTANT - PLEASE READ ********************************************* There exists a new feature in the 5.0A series of releases for the MAX which allow a user to reboot your Ascend MAX at will. This is done via an undocumented login entry point that has been introduced without notice to the public by Ascend. Users can telnet to a max on port 150 and the Max will act as though the call came in via a T1 etc. Using this and another bug a user can cause the max to reboot. The exact sequence to cause the reboot has been reported to Ascend and I am waiting for an official response. After a fix has been made available I will immediatly release the details. In the meantime it is HIGHLY reccomended that you filter access for incoming tcp to port 150. If you are not running 5.0A or above please report back to the list if your max accepts a telnet to port 150 so we can figure out which release this "feature" was introduced silently. The Max's seem to now also answer on port 1723. Anyone know what this is used for? This whole thing smells of the non-zero length tcp offsets bug from awhile back. Sigh. ************************************************************************ ========================================================================= Kit Knox - <kit () connectnet com> - System Administrator - Finger for Key CONNECTnet INS, Inc. - 6370 Lusk Blvd Ste F#208 - San Diego, CA 92121 (619) 638-2020 - (619) 638-2024 Voicemail/Pager - (619) 450-3216 FAX Key fingerprint = 6F E3 79 52 10 6B AB 08 FF 4D 11 51 2A A6 26 2B ========================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMxTEmgQB0nvJDyi5AQHTDgP/eOhWj8HXx+kcw2rCgilA17OOGPbz4Rwo /ijMMkLvGSGr/a72ZI6+h9/zfSUpFe+sjg9pqVxsestDX7hDQYgyykK+OmCXrPQc 6oyhmu04XADOXRAyeGA78rImnMOSOYLB/wVEL9j43JXnxVNFqjqZ78jASFLZmx9X bYS8amtxLGE= =gVlV -----END PGP SIGNATURE----- ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request () bungi com To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq> or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
Kevin Smith Updated Service and Support Senior Technical Support Engineer Resources are now at: Customer Satisfaction Ascend Communications http://www.ascend.com/service
Current thread:
- Re: (ASCEND) ** >= Ascend 5.0A SECURITY ALERT ** Matt Holdrege (Feb 26)
- <Possible follow-ups>
- Re: (ASCEND) ** >= Ascend 5.0A SECURITY ALERT ** Kevin Smith (Feb 26)