| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Feb 2004 08:10:45 -0600 From: Tom <tom@...stuff.com> To: bugtraq@...urityfocus.com Subject: Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS Vulnerability tested and Fixed in : MasterSwitch AP9211 with AP9606 AOS v3.0.9a and MasterSwitch APP v2.2.5a Patch from APC web site. Here's the web link. http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129 At 04:56 PM 2/17/2004, you wrote: >On Tuesday 17 Feb 2004 6:23 pm, thiago.vazquez@...ht.com.br wrote: > > We have many products from APC and we've tested that vulnerability in some > > of them and ..... following are the results. > >[ snip ] > >According to a Matias Kvaternik at APC (US) today, the bug was discovered >after the AP9606 was discontinued (we bought some less than one year ago), >and the engineering team has "no fix in the pipeline". He advises us to >switch off telnet access. > >I would imagine most APC products are installed to last for a good three to >six years - upgrading power hardware is probably about as practical as >upgrading a load of networking equipment. I'm surprised, indeed disappointed, >that APC doesn't appear to provide critical security fixes for these >discontinued products; although I do only speak from very limited experience >of APC. > > >James Green
Powered by blists - more mailing lists