Re: Compaq/Microcom 6000 DoS + more

[alec () dakotacom net (Alec Kosky)]

Oops - that last letter was supposed to be from me (alec () dakotacom net), and
NOT Microcom Support - sorry for the confusion (gotta make a few modifications
to this email prog ;)


On 03-Jun-98 Microcom Support wrote:
>    Enclosed is a message that I sent to Compaq/Microcom's technical support
> about their Microcom 6000 access integrators. There is a DoS as well as a
> brute-force password attack on these systems. I received a canned reply from
> their technical team, but have yet to hear anything else from them, and this
> was early June. I spoke with their technical support on the phone, and the
> answer to this problem is to turn off telnet access. That's it - there was a
> message in their call reference that there is no plans to upgrade or modify
> the pShell (pSOS). Just thought that people should know that Compaq/Microcom
> do not seem to care about security, nor do they seem to care that security
> is an issue for their customers. And I am assuming that since the 6000 Acess
> Integrator is their flagship model, these problems are present in all Acess
> Integrator models
>    BTW: The OS versions that I reported in my letter to Microcom are
> incorrect. I was reading the wrong information - the correct version is
> 4.0.13, and the latest version of the software is 4.0.15 (and 5.0 is in
> beta, according to the technician). There are no security changes from
> 4.0.13 to 4.0.15, AFAIK.
>
> -----FW: <01BD8EFC.379275D0.support () microcom com>-----
>
> Date: Wed, 3 Jun 1998 14:30:54 +0100
> From: Microcom Support <support () microcom com>
> To: "alec () dakotacom net" <alec () dakotacom net>
> Subject: FW: Support Query
>
> Additional:
>
> If you wish to contact us with regard to this matter please quote Call
> Ref#: 305752. The best people to talk to about this would be at :
>
> Microcom Inc.
> 500 River Ridge Drive,
> Norwood.
> MA 02062
>
> Hardware    : Tel +1 (781) 551-1313
> Carbon Copy : Tel +1 (781) 551-1414
> Fax         :     +1 (781) 551-1898
> BBS         :     +1 (781) 551-4750
> ______________________
>
> Thank you for bringing this matter to our attention. I have forwarded this
> eMail to our central site products technical team who will address the
> situation. We will contact you again in due course.
>
> Best regards,
>
> Microcom : Compaq Access Solutions Division.
>
> Online Support - support () microcom com
> WWW - www.microcom.com
> FTP - ftp.microcom.com
>
> PLEASE INCLUDE THIS EMAIL IN ALL FUTURE COMMUNICATIONS ON THIS SUBJECT
>
> -----Original Message-----
> From:   alec () dakotacom net [SMTP:alec () dakotacom net]
> Sent:   Wednesday, June 03, 1998 8:58 AM
> To:     support () microcom com
> Subject:        Support Query
>
> On Wednesday, June 3, 1998 at 03:58:02, the following data was submitted
> from http://www.microcom.com/support/feedback/index.html
>
> First Name               Alec
> Middle Initial           A
> Last Name                Kosky
> Company                  Dakota Communications
> Title                    System Admin/Programmer
> Country                  United States
> Email                    alec () dakotacom net
> User Type                End User
> Product                  CM6K-Series
> Other Product
> Software or Firmware Version pSOS
> Operating System
> Platform used
> Query                       This set of comments/questions is directed to
> the security guys. We currently use a Microcom 6100 Access Integrator, and
> I believe the firmware/OS is subject to a possible denial of service
> attack, as well as a possible brute force attempt to guess the password. I
> believe the OS on the system is pSOS 6.02 for the MNC card and 6.01 for the
> PRI card.
>    The denial of service problem is this: there is no timeout when typing
> in the username and password - from what I have seen, a user can make a
> telnet connection to the MNC or PRI card and leave the connection open
> indefinitely. If the user only has one connection open, then this is not
> problem. However, the system will not accept more than 4 telnet connections
> at one time. Thus, a malicious user/hacker could open 4 telnet connections
> to either (or both cards) and deny all legitimate connections to the card.
>    The other problem is that the system does not close the connection after
> a specified number of invalid login attempts. A program such as 'crack'
> could be modified to work over a network and attempt to guess the
> administrator's password.
>    Neither of these are acceptable on any system, let alone a company's
> flagship model. First, I would like to know if there is a firmware/OS
> update (upgrade?) available to fix these problems, and second, if there is
> no upgrade available, will one be available soon?
>
> --------------End of forwarded message-------------------------
>
> --Alec--

--Alec--