lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 24 Apr 2006 23:05:41 +0200
From: "Moonen, Ralph" <Moonen.Ralph@...g.nl>
To: <bugtraq@...urityfocus.com>
Cc: "Kornelisse, Peter" <Kornelisse.Peter@...g.nl>
Subject: Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance


--------------------
Multiple vulnerabilities have been identified in IP3 Networks
'NetAccess' NA75 appliance. 
--------------------

KPMG recommends that owners of a NetAccess NA75 take steps to ensure the
security of the 
device, and that IP3 Networks is contacted to acquire the new firmware
that includes the 
patches for the issues described. IP3 Networks has requested that
customers contact IP3 
through http://www.ip3.com/supportoverview.htm.

Product:		NA75 and possibly others
Revision:		na-img-4.0.34.bin
Vendor Status: 	notified, verified and patch available from 1 April 2006
Risk:			High
Remote:		Yes
Local:		Yes

---------------------

ISSUE 1: Various SQL injection vulnerabilities in the HTTP user
interface
Due to the absence of user input validation, attackers can embed SQL
commands and queries 
into various HTTP forms. The impact of this is that attackers can login
into the unit by 
specifying username 'admin' and password ' OR "1=1';--. This issue has
been described in
 http://www.securityfocus.com/bid/9858 in 2004, and was reportedly fixed
by IP3 in firmware 
3.1.18b13. However, as can be seen from the above info, we have found
the vulnerability to 
be present in firmware 4.0.34. 

ISSUE 2: Unix command injection vulnerability in command line interface
Due to the absence of user input filtering in the command line
interface, attackers can 
embed Unix commands in certain parameters by passing the commands in the
unix shell 
substitution characters '`'.  

ISSUE 3: No mandatory default password change on first login
The default username and password 'admin'/'admin' do not have to be
changed at first 
login. This greatly increases the chance of the password remaining
'admin' after install. 

ISSUE 4: World readable shadow password file
The shadow password file contains the encrypted passwords for all users
on the system. 
Password crackers can be used on this file to obtain the plaintext
passwords for users.  

ISSUE 5: NetAccess database file world readable and writable
The permission settings on the NetAccess database file allow all unix
users read and 
write access to the file, thereby allowing potentially sensitive
customer information 
to be disclosed. 


Ralph Moonen, CISSP
Manager KPMG Information Risk Management
Amstelveen, The Netherlands


--------------------------------------------------------------------------------------------------------------------------------------------
De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) toestemming hebben dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is verboden. De informatie in dit e-mailbericht (en de bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van een geheimhoudingsplicht.
KPMG is niet aansprakelijk voor schade ten gevolge van het gebruik van elektronische middelen van communicatie, daaronder begrepen -maar niet beperkt tot- schade ten gevolge van niet aflevering of vertraging bij de aflevering van elektronische berichten, onderschepping of manipulatie van elektronische berichten door derden of door programmatuur/apparatuur gebruikt voor elektronische communicatie en overbrenging van virussen en andere kwaadaardige programmatuur.

Any information transmitted by means of this e-mail (and any of its attachments) is intended exclusively for the addressee or addressees and for those authorized by the addressee or addressees to read this message. Any use by a party other than the addressee or addressees is prohibited. The information contained in this e-mail (or any of its attachments) may be confidential in nature and fall under a duty of non-disclosure.
KPMG shall not be liable for damages resulting from the use of electronic means of communication, including -but not limited to- damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses and other malicious code.

--------------------------------------------------------------------------------------------------------------------------------------------

Powered by blists - more mailing lists