Bugtraq mailing list archives
Re: Foundry DoS at login prompt
From: Val Oliva <voliva () FOUNDRYNET COM>
Date: Thu, 30 Nov 2000 04:32:31 -0000
Please note that this posting is incorrect. Foundry's release notes ver. 7.1.09, which is the release notes for the FastIron II family (FastIron II and FastIron IIPlus) and the BigIron family (BigIron 4000 and 8000), stated that this problem is "FIXED" in 7.1.09 and NOT a bug. For the ServerIron family, release 7.1.06 fixes this problem. This statement "If you entered a very long string when prompted for a Telnet password, then pressed Enter before the software timed out the access attempt, the device reset." is within the "Software Fixes" section (p. 191), which itemizes fixes current and earlier software releases. Please contact your local Foundry Sales Representative or Engineer for details. Thanks. Val Oliva
In the release notes for Foundry code v07.1.09,
I noticed the statement:
If you entered a very long string when
prompted for a Telnet
password, then pressed Enter before the
software timed out the
access attempt, the device reset. This functions exactly as it describes on
FastIrons, BigIrons, and
ServerIrons I have access to running various
versions of firmware.
If you can get to a login prompt, you can
reload the device.
This does not appear to affect ssh logins,
which recent versions of the
Foundry firmware support. If you have any Foundry gear with externally
visible IPs, make sure you
disable telnet or upgrade your firmware to the
latest. This is particularly
true if you use their load-balancer product,
the ServerIron, which
also supposedly functions to keep your site
highly available.
-- Aaron
Current thread:
- Re: Foundry DoS at login prompt Val Oliva (Dec 01)