Date: Wed, 11 May 2005 11:46:39 +0800
From: pokley <>
To: "" <>,
	"" <>
Subject: [Scan Associates Advisory] Neteyes Nexusway
	multiple vulnerability

Product : Neteyes Nexusway (
Description: Neteyes Nexusway multiple vulnerabilities
Severity: Very High

The NexusWay is a Multiservice Border Gateway that provides the
Multiaccess and Multiservice capabilities in the border segment of an
enterprise network.


Weak authentication in web module
By sending crafted HTTP cookies, any user with access to port 443 on
Neteyes Nexusway may use this vulnerability to become Neteyes Nexusway
admin. This allows the user to change any configuration on the device.

	# curl -k -b 'cyclone500_write=1; cyclone500_auth=1;  

Escaping to Operating System shell in SSH module
A user with access to the SSH module may be able to access a shell or
execute any command with "root" privileges on Neteyes Nexusway by sending
a crafted argument to certain commands. This will allow the user to do
anything on this

	> ping ;sh
	> traceroute ;sh

Remote command execution in web module
Any user with access to port 443 on Neteyes Nexusway is able to fully
control the Neteyes Nexusway device by sending a specially crafted packet
to a certain administration script. The web server runs as "root" on this
device.


Disable Web Administration module
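
Added example, not part of the original advisory and not vendor code: one way a restricted CLI like the SSH module described above can handle "ping" and "traceroute" so that input such as ";sh" is rejected and never reaches a shell. The command table, binary paths and function names are assumptions made for illustration.

```python
import ipaddress
import re

# Hypothetical command table: CLI verb -> fixed argv prefix (paths are assumed).
ALLOWED = {
    "ping": ["/bin/ping", "-c", "4"],
    "traceroute": ["/usr/bin/traceroute"],
}

# One RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_target(target: str) -> bool:
    """Accept only an IP address literal or an RFC 1123 hostname."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    if not 1 <= len(target) <= 253:
        return False
    return all(_LABEL.fullmatch(label) for label in target.split("."))


def build_argv(line: str) -> list[str]:
    """Turn one CLI line into an argv list, or raise ValueError.

    The result is meant for subprocess.run(argv, shell=False): the operator's
    text is passed as a single argument and no shell ever parses it.
    """
    parts = line.split()
    if len(parts) != 2:
        raise ValueError("usage: <command> <host>")
    command, target = parts
    if command not in ALLOWED:
        raise ValueError(f"unknown command: {command!r}")
    # Validation also rejects a leading "-", so the target cannot act as a flag.
    if not valid_target(target):
        raise ValueError(f"invalid host: {target!r}")
    return ALLOWED[command] + [target]
```

Running the resulting process under an unprivileged account rather than "root" limits the impact if a validation gap remains.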