Bugtraq mailing list archives

multiple looking-glasses input vulnerability

From: barabas () lokmail net
Date: Thu, 18 Oct 2001 03:37:55 -0400

Hi,

There is a flaw in many looking-glasses (most of them based on the 
nitrous-digex one ) which allows attackers to gather information about 
the network which is not intentionally provided through looking-glass 
functionality:

It seems that the looking-glass (which is usually written in Perl) 
doesn't check the input properly for the validity of the input address.


example:

when clicking bgp, to check an address in the bgp table, the attacker 
can enter , instead of an ip address, the word "nei"(or neighbours) 
and all bgp neighbours will be fully visible. In fact, any valid argument 
in cisco IOS following sh ip bgp, can be entered.
Another example: <sh ip bgp> paths gives the full path table. This 
puts some strain on routers and could be used to DOS the router if 
no proper access security is provided.
Various other things can be done

workaround: check for a "." in the input . This shouldn't be too hard 
to implement in the script :-)

Haven't checked for traversal possibilities yet ;-)


Barabas






---------------------------------------------------------
Get Free Private Encrypted Email https://mail.lokmail.net
        Switch to Name.Space: http://namespace.org/switch

Current thread:

multiple looking-glasses input vulnerability barabas (Oct 18)
- RE: multiple looking-glasses input vulnerability arivanov (Oct 19)
- <Possible follow-ups>
- RE: multiple looking-glasses input vulnerability Zvezdelin Vladov (Oct 23)