Message-ID: <4145FB87.2030709@freebsd.lublin.pl>
Date: Mon, 13 Sep 2004 21:56:55 +0200
From: Przemyslaw Frasunek <venglin@...ebsd.lublin.pl>
To: bugtraq@...urityfocus.com
Subject: Zyxel Prestige 681 SDSL router information leak


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Zyxel P681 with ZyNOS S/W Version: Vt020225a | 2/25/2002 installed leaks
random portions of memory in ARP requests:

21:47:05.709295 arp who-has x.x.x.x tell x.x.x.x
0x0000   0001 0800 0604 0001 00a0 c526 3cc1 xxxx        ................
0x0010   xxxx 0000 0000 0000 xxxx xxxx 0a48 6f73        .............Hos
0x0020   743a 3233 392e 3235 352e 3235 352e             t:239.255.255.

and after telnet login, packets contain fragments of session!

21:48:24.804384 arp who-has x.x.x.x tell x.x.x.x
0x0000   0001 0800 0604 0001 00a0 c526 3cc1 xxxx        ................
0x0010   xxxx 0000 0000 0000 xxxx xxxx 5b32 323b        ............[22;
0x0020   3439 4833 392e 3235 352e 3235 352e             49H39.255.255.

21:50:34.537114 arp who-has x.x.x.x tell x.x.x.x
0x0000   0001 0800 0604 0001 00a0 c526 3cc1 xxxx        ................
0x0010   xxxx 0000 0000 0000 xxxx xxxx 4849 6e66        ............HInf
0x0020   6f72 6d61 7469 6f6e 1b5b 363b 3439             ormation.[6;49

21:51:00.175642 arp who-has x.x.x.x tell x.x.x.x
0x0000   0001 0800 0604 0001 00a0 c526 3cc1 xxxx        ................
0x0010   xxxx 0000 0000 0000 xxxx xxxx 3333 4856        ............33HV
0x0020   6572 7369 6f6e 3a35 352e 3235 352e             ersion:55.255.

21:52:01.542252 arp who-has x.x.x.x tell x.x.x.x
0x0000   0001 0800 0604 0001 00a0 c526 3cc1 xxxx        ................
0x0010   xxxx 0000 0000 0000 xxxx xxxx 3b33 3748        ............;37H
0x0020   6f72 1b5b 3231 3b34 3048 5245 5455             or.[21;40HRETU


- --
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin@...ber.atman.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBRfuHkxEnBiV4/K0RAtXYAKCjA/6gHjDH8tEoESOC/Xql00+ZhQCgtVFx
PP96Pg8gPC4KHb7dXWLDpXU=
=sUX9
-----END PGP SIGNATURE-----
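
Added example, not part of the original post: in the dumps above, an Ethernet/IPv4 ARP body is 28 bytes, and the leaked fragments sit in the 18 bytes that follow it. The Python check below decodes a tcpdump-style hex dump, computes the ARP body length from the header, and flags any non-zero trailing bytes. The function names are hypothetical, and the sample frames are constructed from the first dump, with the redacted address fields replaced by RFC 5737 documentation addresses.

```python
import re
import struct

def parse_dump(text):
    """Decode tcpdump -x style lines: offset, hex groups, optional ASCII column."""
    data = bytearray()
    for line in text.strip().splitlines():
        # Columns are separated by two or more spaces; hex groups by one.
        columns = re.split(r"\s{2,}", line.strip())
        data += bytes.fromhex(columns[1].replace(" ", ""))
    return bytes(data)

def arp_trailer(packet):
    """Return the bytes after the ARP body (8-byte header + 2 hw + 2 proto addrs)."""
    if len(packet) < 8:
        raise ValueError("truncated ARP header")
    _htype, _ptype, hlen, plen, _oper = struct.unpack("!HHBBH", packet[:8])
    return packet[8 + 2 * (hlen + plen):]

def audit(packet):
    """Report trailer length, whether it holds non-zero data, and its ASCII view."""
    trailer = arp_trailer(packet)
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in trailer)
    return {"trailer_len": len(trailer), "leaks": any(trailer), "ascii": text}

# Constructed sample: first dump from the post, redacted fields set to
# 192.0.2.1 (sender) and 192.0.2.7 (target).
LEAKY = """
0x0000   0001 0800 0604 0001 00a0 c526 3cc1 c000
0x0010   0201 0000 0000 0000 c000 0207 0a48 6f73
0x0020   743a 3233 392e 3235 352e 3235 352e
"""
# Constructed sample: the same request with a zero-filled trailer.
CLEAN = """
0x0000   0001 0800 0604 0001 00a0 c526 3cc1 c000
0x0010   0201 0000 0000 0000 c000 0207 0000 0000
0x0020   0000 0000 0000 0000 0000 0000 0000
"""

if __name__ == "__main__":
    for name, dump in (("leaky", LEAKY), ("clean", CLEAN)):
        print(name, audit(parse_dump(dump)))
```
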

