lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 19 Feb 2004 16:32:17 -0500 (EST)
From: Keith Clifton <clifton@...mnet.net>
To: David Monosov <david.monosov@...ureinquestion.net>
Cc: bugtraq@...urityfocus.com
Subject: Re: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet
 can't be disabled.


I've noticed this for FTP as well.

The new firmware for the AP9211s seem to fix this issue.

-- Keith

On Thu, 19 Feb 2004, David Monosov wrote:

> To your attention: This comes from limited experience with one version of
> the 9606 firmware (v3.0.3) on MasterSwitch 9xxx series, tested across many
> of the devices:
> 
> Although provided an option to disable telnet administratively via the Web
> interface as well as the Telnet interface itself - telnet does *NOT*
> actually gets disabled. 
> 
> It disables itself for a matter of approx +/- 20 seconds, and comes back as
> if nothing ever happened. Repeating attempts to disable telnet access are
> futile. The only effective method of preventing possible exploitation seems
> to be filtering port 23 on the network level. This seems to be another
> firmware issue.
> 
> Please check your APC's using 9606, your sense of security from disabling
> telnet might be false :(
> 
> ---
> David 'wEEkAY' Monosov
> david dot monosov at futureinquestion dot net
> 
> 
> 
> 
> 
> 



Powered by blists - more mailing lists