lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050718152028.974.qmail@securityfocus.com>
Date: 18 Jul 2005 15:20:28 -0000
From: spam@...etter.org
To: bugtraq@...urityfocus.com
Subject: MRV In-Reach console server: Port Access Control Bypass Vulnerability


Hi,

this is another bug I encountered during my research on console servers.

Summary:
Port Access Control Bypass Vulnerability on MRVs
In-Reach console servers.

Details:
MRV's In-Reach console servers come with feature that enables access to
their ports by ssh public keys. As opposed to e.g. standard password
based authentication it's not checked whether the user is allow to
access this port (note: on modern console servers you can set
port permissions on user basis). Research showed that port-based restrictions
were nullified which means that every user can access consoles of every
device hooked up if they were set up by the administrative account of the
console server to use ssh public key authentication.


Vulnerable Versions:
Tested on "Software Version 3.5.0", tested on InReach
LX-8000, 4000 and 1000 series.


Patches/Workarounds:
Vendor has released 3.5.1 which according to vendors information
should fix the issue (Rel-Notes of 3.5.1 and 3.5.0.1 however don't mention
it). For more info see http://service.mrv.com/support/index.cfm

Alternatively administrators on MRV In-Reach console servers should
not allow users using ssh public key based authentication.

Exploit:
Design Flaw, exploit not needed.


Cheers,
        Dirk


--
Dr. Dirk Wetter                                  http://drwetter.org
Consulting IT-Security + Open Source
Key fingerprint = 80A2 742B 8195 969C 5FA6  6584 8B6E 59C1 E41B 9153



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ