Bugtraq mailing list archives
** >= Ascend 5.0A SECURITY ALERT **
From: kit () CONNECTNET COM (Kit Knox)
Date: Wed, 26 Feb 1997 15:18:36 -0800
** IMPORTANT - PLEASE READ *********************************************

There exists a new feature in the 5.0A series of releases for the MAX which allows a user to reboot your Ascend MAX at will. This is done via an undocumented login entry point that has been introduced without notice to the public by Ascend. Users can telnet to a max on port 150 and the Max will act as though the call came in via a T1 etc. Using this and another bug a user can cause the max to reboot. The exact sequence to cause the reboot has been reported to Ascend and I am waiting for an official response. After a fix has been made available I will immediately release the details.

In the meantime it is HIGHLY recommended that you filter access for incoming tcp to port 150.

If you are not running 5.0A or above please report back to the list if your max accepts a telnet to port 150 so we can figure out which release this "feature" was introduced silently.

The Max's seem to now also answer on port 1723. Anyone know what this is used for?

This whole thing smells of the non-zero length tcp offsets bug from a while back. Sigh.

************************************************************************

=========================================================================
Kit Knox - <kit () connectnet com> - System Administrator - Finger for Key
CONNECTnet INS, Inc. - 6370 Lusk Blvd Ste F#208 - San Diego, CA 92121
(619) 638-2020 - (619) 638-2024 Voicemail/Pager - (619) 450-3216 FAX
Key fingerprint = 6F E3 79 52 10 6B AB 08 FF 4D 11 51 2A A6 26 2B
=========================================================================
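The following is an added example, not part of the original post: a check an administrator could run from outside their filter against their own MAX units to confirm that incoming TCP to port 150 (and 1723) is no longer accepted. The host addresses are constructed placeholders and the function names are hypothetical.

```python
import socket

# Ports named in the post: 150 (undocumented login entry point) and 1723.
PORTS = (150, 1723)


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed, so the port is reachable from here
    closed   - connection refused (RST): nothing listening, or a rejecting filter
    filtered - no usable answer before the timeout, as a dropping filter produces
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and ICMP unreachable errors
        return "filtered"
    finally:
        s.close()


def audit(hosts, ports=PORTS, timeout=3.0):
    """Probe every host/port pair and return {(host, port): state}."""
    return {(h, p): probe(h, p, timeout) for h in hosts for p in ports}


def exposed(results):
    """Host/port pairs that still accept connections (filter missing)."""
    return sorted(k for k, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET-1); replace with your own units.
    hosts = ["192.0.2.10", "192.0.2.11"]
    results = audit(hosts)
    for (h, p), state in sorted(results.items()):
        print(f"{h}:{p} {state}")
    # Non-zero exit makes the check usable from cron or a monitoring job.
    raise SystemExit(1 if exposed(results) else 0)
```

Run it from the network side the filter is meant to protect against; a result of "open" on port 150 means the recommended filter is not in effect on that path.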