lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2088415061.23006.1446455822539.JavaMail.totemomail@ss002890.tauri.ch>
Date: Mon, 2 Nov 2015 09:17:00 +0000
From: <csirt@...sscom.com>
To: <fulldisclosure@...lists.org>, <bugtraq@...urityfocus.com>
Subject: [FD] CVE-2015-6498

###################################################################################
#
# SWISSCOM CSIRT ADVISORY - https://www.swisscom.ch/en/about/sustainability/digital-
#switzerland/security.html
#
##################################################################################
#
# CVE ID:   CVE-2015-6498
# Product:  Home Device Manager
# Vendor:   Alcatel-Lucent
# Subject:  Code vulnerability, remotely exploitable
# Finder:   Dr. Ulrich Fiedler and his team at BFH-TI Biel/Bienne
# Coord:    Philippe Cuany (csirt _at_ swisscom.com)
# Date:     Nov 02nd 2015
#
##################################################################################


Description
-----------
A vulnerability has been discovered in the TR069 protocol that can potentially
affect all Automatic Configuration Servers (ACS). The issue has been fixed in
the Home Device Manager (HDM) product from Alcatel-Lucent with an anti-spoofing
filter.  HDM allows service providers to remotely manage CPEs, such as
residential gateways, IP set-top boxes, and VoIP terminal adapters that comprise
a home networking environment.


Product
-------
Alcatel-Lucent Home Device Manager, version prior to 4.1.10 may be affected if
they have no filtering in place, which was provided as a customer specific
extension already by Alcatel-Lucent, or have foreseen other additional
authorization checks.


Vulnerability
-------------
The vulnerability allows an attacker to perform impersonation attacks by
spoofing CPE using tr-069 (cwmp) Protocol. An attacker could gain unauthorized
access to third-party SIP Credentials for the spoofed device and perform illegal
activities (phone fraud). The vulnerability has been tested and confirmed.


Remediation
-----------
Update to Home Device Manager Version 4.1.10 (or higher) or 4.2.2 (or higher)
and activate the anti-spoofing filters, in case there is not already a customer
specific filter or authorization check in place.


Acknowledgments
---------------
Dr. Ulrich Fiedler and his team at BFH-TI Biel/Bienne for the discovery and
notification about the vulnerability.


Milestones
----------
Jul 13th 2015     Details about the vulnerability are communicated to Swisscom
Jul 14th 2015     HDM anti-spoffing filter available
Aug 13th 2015     CVE ID requested at MITRE
Aug 18th 2015     CVE ID 2015-6498 assigned by MITRE
Nov 02nd 2015     Public Release of Advisory


Download attachment "smime.p7s" of type "application/pkcs7-signature" (5268 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ