lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1606344372.2749402.1430293340985.JavaMail.totemomail@ss002890.tauri.ch>
Date: Wed, 29 Apr 2015 07:42:19 +0000
From: <csirt@...sscom.com>
To: <fulldisclosure@...lists.org>
Subject: [FD] CVE-ID 2015-1188: Swisscom DSL Router Centro Grande (ADB)

#############################################################
#
# SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security
#
#############################################################
#
# CVE ID:   CVE-2015-1188
# Product:  Swisscom DSL Router Centro Grande (ADB)
# Vendor:   ADB
# Subject:  Incorrect authentication, remotely exploitable
# Finder:   Ivan Almuina (ivan.almuina _at_ hackingcorp.ch)
# Coord:    Philippe Cuany (csirt _at_ swisscom.com)
# Date:     April 29th 2015
#
#############################################################


Description
-----------
A vulnerability has been discovered that affects the certificate verification
functions provided by the HNDS service found on the Centro Grande (ADB version)
DSL routers of Swisscom.


Product
-------
Firmwares up to version 6.12.02 are affected.


Vulnerability
-------------
The flaw allows an attacker to have access to management functions that are
normally reserved for the Swisscom support. Furthermore, this vulnerability
combined with other vulnerabilities allow to completely compromise the
Centro Grande (ADB) routers. Available Proof-of-Concept code enables a remote
root shell on a victim's router.


Remediation
-----------
Update the firmware to version 6.14.00. By default the Centro Grande routers
should update themselves automatically. The current version can be verified
through the web management interface, under Settings => Router => Firmware
section. The version 6.14.00 should be installed. If it is not the case, the
update can be forced cliking on the button labeled "Check for upgrade".

Alternatively, the firmware can be downloaded from the following page:
https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html

Swisscom customers may call the Swisscom-Hotline 0800 800 800


Acknowledgments
---------------
Ivan Almuina from Hacking Corporation Sàrl (http://hackingcorp.ch/) for the
discovery, the notification and for helping us to fix the vulnerability.


Milestones
----------
Sep 23th 2014   Vulnerability reported to Swisscom CSIRT
Jan  7th 2015   CVE ID requested at MITRE
Jan 18th 2015   CVE ID 2015-1188 assigned by MITRE
Apr 29th 2015   Public Release of Advisory

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5268 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ