Bugtraq mailing list archives

Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS

From: Tom <tom () ispstuff com>
Date: Thu, 19 Feb 2004 08:10:45 -0600

Vulnerability tested and Fixed in :

MasterSwitch AP9211 with AP9606 AOS v3.0.9a and MasterSwitch APP v2.2.5a

Patch from APC web site.  Here's the web link.

http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129

At 04:56 PM 2/17/2004, you wrote:

On Tuesday 17 Feb 2004 6:23 pm, thiago.vazquez () light com br wrote:
> We have many products from APC and we've tested that vulnerability in some
> of them and ..... following are the results.

[ snip ]

According to a Matias Kvaternik at APC (US) today, the bug was discovered
after the AP9606 was discontinued (we bought some less than one year ago),
and the engineering team has "no fix in the pipeline". He advises us to
switch off telnet access.

I would imagine most APC products are installed to last for a good three to
six years - upgrading power hardware is probably about as practical as
upgrading a load of networking equipment. I'm surprised, indeed disappointed,
that APC doesn't appear to provide critical security fixes for these
discontinued products; although I do only speak from very limited experience
of APC.

James Green

Current thread:

Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS thiago . vazquez (Feb 17)
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS Thomas M. Payerle (Feb 18)
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS James Green (Feb 18)
  - Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS Keith Clifton (Feb 19)
  - Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS Frank Louwers (Feb 19)
  - Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS Tom (Feb 19)