lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1101412908.20041113115051@SECURITY.NNOV.RU> Date: Sat, 13 Nov 2004 11:50:51 +0300 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Gregory Duchemin <c3rb3r@...patico.ca> Cc: bugtraq@...urityfocus.com Subject: Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems Dear Gregory Duchemin, In case of the product like ADSL modem is, it's not a bug, but a leak of feature to secure DHCP and/or dynamic DNS updates, because it's a way DHCP and DNS are supposed to work and it's impossible to fix it without implementing protocol extensions. This products are targeted for SOHO (any corporate user already have DNS/DHCP server implemented) where this kind of attack does not lead to any serious threats. --Friday, November 12, 2004, 9:02:28 AM, you wrote to bugtraq@...urityfocus.com: GD> Upon complete DHCP negociation, Alcatel modem will try to register the GD> client's DHCP HOSTNAME option into its local DNS domain. GD> At this point, it will care about the hostname syntax and will also GD> check it for redundancy. GD> It will simply discard any DNS dynamic update if the proposed hostname GD> already exists. GD> If it doesn't, an entry is added to the end of the local zone file. GD> However any new DHCP request for an already existing lease, including GD> a redundant HOSTNAME, will bypass this checking. GD> We have now two entries with the same hostname but two differents ip GD> addresses. -- ~/ZARAZA Ïîÿâèëñÿ íîâûé òèï ýëåìåíòàðíûõ ÷àñòèö - øêâàðêè. Íå î÷åíü áîëüøèå, ñëåãêà ïîäãîðåâøèå. (Ëåì)
Powered by blists - more mailing lists