Current Activity - RuggedCom Rugged Operating System Vulnerability

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

RuggedCom Rugged Operating System Vulnerability

Original release date: Tuesday, April 24, 2012 at 4:14 pm
Last revised: Tuesday, April 24, 2012 at 4:14 pm


RuggedCom Rugged Operating System (ROS), used in RuggedCom network
infrastructure devices, contains a hard-coded user account with a
predictable password.

This user account cannot be manually disabled. An attacker who
successfully guesses the password may be able to gain complete
administrative control of the ROS device.

As a workaround, RuggedCom has recommended disabling the rsh service and
setting the number of telnet connections allowed to 0.

For more information, please see US-CERT Vulnerability Note VU#889195.

Relevant Url(s):
<http://www.kb.cert.org/vuls/id/889195>

<http://www.ruggedcom.com/products/index.php>


____________________________________________________________________

   Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to the Notification as indicated here:
http://www.us-cert.gov/legal.html#notify

This document can also be found at
http://www.us-cert.gov/current/#ruggedcom_rugged_operating_system_vulnerability

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBT5cOHz/GkGVXE7GMAQKvfQf/QodmxFcIG1QJhD954f9p58zha+3i62Ki
O2DPfDjO5uMGi0RL5LrOM9FjFj0nSoJMN7fFPcR9ChYtRtJ7uJ0aLzswjXWZUoht
MPH57GwIkX1pyCCw3/w6cZgkZftGuro5uCSIRqNBU3YOwxvpFNXQ3xUbOhJCERrR
+c3P3z5fgdj7BU8B5Aq5jyhXz4ugRO159qIYpqHQBzHu6UMkV+6a4+BVh8xEwMxV
vJvSe4mCOYyofQlPLyQuaXO7ICJtTSHIzteMHWhBXbPOKD0bVG660Eq1fDLHdTMn
4ZhnEcxFR+B5k53EUTzpAHYGhl1es1j59rT7Zwqx8a5I4UB0gBDANA==
=+wFb
-----END PGP SIGNATURE-----