Bugtraq mailing list archives
multiple looking-glasses input vulnerability
From: barabas () lokmail net
Date: Thu, 18 Oct 2001 03:37:55 -0400
Hi, There is a flaw in many looking-glasses (most of them based on the nitrous-digex one ) which allows attackers to gather information about the network which is not intentionally provided through looking-glass functionality: It seems that the looking-glass (which is usually written in Perl) doesn't check the input properly for the validity of the input address. example: when clicking bgp, to check an address in the bgp table, the attacker can enter , instead of an ip address, the word "nei"(or neighbours) and all bgp neighbours will be fully visible. In fact, any valid argument in cisco IOS following sh ip bgp, can be entered. Another example: <sh ip bgp> paths gives the full path table. This puts some strain on routers and could be used to DOS the router if no proper access security is provided. Various other things can be done workaround: check for a "." in the input . This shouldn't be too hard to implement in the script :-) Haven't checked for traversal possibilities yet ;-) Barabas --------------------------------------------------------- Get Free Private Encrypted Email https://mail.lokmail.net Switch to Name.Space: http://namespace.org/switch
Current thread:
- multiple looking-glasses input vulnerability barabas (Oct 18)
- RE: multiple looking-glasses input vulnerability arivanov (Oct 19)
- <Possible follow-ups>
- RE: multiple looking-glasses input vulnerability Zvezdelin Vladov (Oct 23)