Bugtraq mailing list archives

Re: Lousy password handling in BreezeCOM

From: hille () DARKGATE EQUINOXE DE (Thilo Hille)
Date: Thu, 10 Dec 1998 20:21:43 +0100


as far as i know its possible to set installerrights via snmp.
there is also a kind of DOS in the way of updating the firmware.
the tftpserver requires no authorization to upload the firmware and reset.
so someone could easily upload any file.
after that you have to send the affected device to breezecom to
get a new firmware cause the tftpserver is part of the firmware....

the only protection is to set up no ip-configuration.


Thilo Hille
Equinoxe Internet Galerie
Adlerstr.7
79098 Freiburg

Fon: 0761-382263
Fax: 0761-382265
email: hille () equinoxe de
***** www.equinoxe.de *******

Current thread:

[SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Security Research Team (Dec 03)
- Breaking into houses to steal the security systems... Was: Dr. Mudge (Dec 03)
- <Possible follow-ups>
- Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 robert.flannigan () PLATINUM COM (Dec 07)
  - Call For Papers Marco de Vivo [UCV] (Dec 07)
  - Lousy password handling in BreezeCOM Mr. SteelFire (Dec 10)
    - Re: Lousy password handling in BreezeCOM Thilo Hille (Dec 10)
    - NSA paper on computer security Kragen (Dec 11)
    - about the ip header id Salvatore Sanfilippo (Dec 14)
    - Learning security Kevin M. Myer (Dec 14)
  - Administrivia Aleph One (Dec 10)
    - RealSystem passwords Guy Cohen (Dec 10)
    - Titan 3.0 Released Aleph One (Dec 10)
    - Vulnerability in IRIX fcagent daemon SGI Security Coordinator (Dec 10)
    - Linux 2.0.36: The stuff that was 'fixed quietly' [Summary] Alan Cox (Dec 10)
    - Microsoft Security Bulletin (MS98-018) Aleph One (Dec 10)