Bugtraq mailing list archives
Re: FlowPoint DSL router vulnerability
From: shusaku () OZ NET (shusaku)
Date: Tue, 10 Aug 1999 23:18:37 -0700
solution to this 'vulnerability'? ...first addTelnetFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL ...then addSMTPFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL ->where ...1 is the starting IP of your LAN ->and ...L is the LAST address locally - no public access? At 07:19 AM 8/10/99 -0400, you wrote:
At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:It involves a bug that allows a password recovery feature to be utilized from the LAN or WAN instead of just the serial console port. Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will allow you to get access to the box to do whatever you want. It appears as if the problem started in 3.0.4, but I am not totally certain about that.So the vulnerability is essentially a brute force against telnet/snmp? Assuming you filter those out, is there another way of accessing?-- Scott M. Drassinower
scottd () cloud9 net
Cloud 9 Consulting, Inc. White
Plains, NY
+1 914 696-4000
http://www.cloud9.net
On Thu, 5 Aug 1999, Matt wrote:The following URL contains information about a firmware upgrade for FlowPoint DSL routers that fixes a possible "security compromise". FlowPoint has chosen not to release ANY information whatsoever about the vulnerability. I was curious if anyone had any more information about this vulnerability than what FlowPoint is divulging. http://www.flowpoint.com/support/techbulletin/sec308.htm thnx -- I'm not nice, I'm vicious--it's the secret of my charm.-- PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt
Current thread:
- FlowPoint DSL router vulnerability Matt (Aug 05)
- Re: FlowPoint DSL router vulnerability Scott Drassinower (Aug 07)
- <Possible follow-ups>
- Re: FlowPoint DSL router vulnerability Chris Shenton (Aug 06)
- Re: FlowPoint DSL router vulnerability Eric Budke (Aug 10)
- Re: FlowPoint DSL router vulnerability Scott Drassinower (Aug 10)
- Re: FlowPoint DSL router vulnerability Peter Radcliffe (Aug 10)
- Re: FlowPoint DSL router vulnerability Chris J Burris (Aug 10)
- Re: FlowPoint DSL router vulnerability shusaku (Aug 10)
- Re: FlowPoint DSL router vulnerability Scott Drassinower (Aug 10)