Message-ID: <200402191514.i1JFENrD028227@sojef.skynet.be>
Date: Thu, 19 Feb 2004 16:14:04 +0100
From: "David Monosov" <david.monosov@...ureinquestion.net>
To: <bugtraq@...urityfocus.com>
Subject: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled.

To your attention: This comes from limited experience with one version of
the 9606 firmware (v3.0.3) on MasterSwitch 9xxx series, tested across many
of the devices:

Although an option is provided to disable telnet administratively via the Web
interface as well as the Telnet interface itself, telnet does *NOT*
actually get disabled.

It disables itself for a matter of approx +/- 20 seconds, and comes back as
if nothing ever happened. Repeated attempts to disable telnet access are
futile. The only effective method of preventing possible exploitation seems
to be filtering port 23 on the network level. This seems to be another
firmware issue.

Please check your APCs using the 9606; your sense of security from disabling
telnet might be false :(

---
David 'wEEkAY' Monosov
david dot monosov at futureinquestion dot net
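
An added example, not part of the original post: because the port is reported to close for about 20 seconds and then return, a single check right after changing the setting can look clean, so this Python script polls port 23 over a longer window and reports whether it reopened. The function names, the 120-second window and the 5-second interval are assumptions chosen for illustration.

```python
import socket
import sys
import time


def port_open(host, port=23, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def watch(host, port=23, duration=120, interval=5, probe=port_open, sleep=time.sleep):
    """Probe repeatedly after telnet was disabled; return [(elapsed, is_open), ...]."""
    samples = []
    elapsed = 0  # nominal seconds (probe time itself is not counted)
    while elapsed <= duration:
        samples.append((elapsed, probe(host, port)))
        sleep(interval)
        elapsed += interval
    return samples


def reopened_at(samples):
    """Nominal seconds of the first open probe seen after a closed one, or None."""
    seen_closed = False
    for elapsed, is_open in samples:
        if not is_open:
            seen_closed = True
        elif seen_closed:
            return elapsed
    return None


def verdict(samples):
    """Classify a run as 'never_closed', 'stayed_closed' or 'reopened'."""
    if all(is_open for _, is_open in samples):
        return "never_closed"
    return "stayed_closed" if reopened_at(samples) is None else "reopened"


if __name__ == "__main__":
    run = watch(sys.argv[1])  # address of your own management card
    print(verdict(run), reopened_at(run))
```

Start it immediately after disabling telnet on the card; a result of `reopened` or `never_closed` means the port still needs to be filtered at the network level.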