| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Feb 2004 16:32:17 -0500 (EST) From: Keith Clifton <clifton@...mnet.net> To: David Monosov <david.monosov@...ureinquestion.net> Cc: bugtraq@...urityfocus.com Subject: Re: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled. I've noticed this for FTP as well. The new firmware for the AP9211s seem to fix this issue. -- Keith On Thu, 19 Feb 2004, David Monosov wrote: > To your attention: This comes from limited experience with one version of > the 9606 firmware (v3.0.3) on MasterSwitch 9xxx series, tested across many > of the devices: > > Although provided an option to disable telnet administratively via the Web > interface as well as the Telnet interface itself - telnet does *NOT* > actually gets disabled. > > It disables itself for a matter of approx +/- 20 seconds, and comes back as > if nothing ever happened. Repeating attempts to disable telnet access are > futile. The only effective method of preventing possible exploitation seems > to be filtering port 23 on the network level. This seems to be another > firmware issue. > > Please check your APC's using 9606, your sense of security from disabling > telnet might be false :( > > --- > David 'wEEkAY' Monosov > david dot monosov at futureinquestion dot net > > > > > >
Powered by blists - more mailing lists