Tele2 - Versatel and Vivendi - exploit PATCHED

[CyTRAP Labs - advisory <Report_exploit () CyTRAP eu>]

This vulnerability has been patched successfully by the vendor as tests by 
various parties have demonstrated, more details here:

http://cytrap.eu/blog/?p=133

Happy Holidays
Urs E. Gattiker
CyTRAP Labs and www.CASEScontact.org


At 21:23 2006-10-04, you wrote:
> ------------------------------
>
> Message: 2
> Date: Wed, 04 Oct 2006 13:56:27 +0200
> Subject: [Full-disclosure] Tele2 - Versatel and Vivendi - exploit
> To: full-disclosure () lists grok org uk
> Message-ID: <7.0.1.0.0.20061004095637.05222f10 () WebUrb dk>
> Content-Type: text/plain; charset="us-ascii"; format=flowed
>
> Tele 2 has recently announced that it is selling its Benelux assets
> to Versatel and yesterday it informed the media that it intends to do
> the same with its French assets, selling those to Vivendi.
>
> The company that touts itself as providing economical broadband and
> telecommunication services does, however, have a slight problem
> regarding information security.
>
> A vulenrability is being taken advantage off by various groups of
> people and, in turn, this could harm home users that receive their
> broadband and fixed-line services from Tele2.
>
> In fact, several security features can be de-activated allowing a
> malicious user to take control of a user's PC, his broadband
> connection as well as his phone line as described here with a screen shot:
>
> http://cytrap.eu/blog/?p=57
>
> This is another example where user's face risks regarding their
> internet connection they might not even be aware of. Another one of
> those is the recent Fon example also circulated on this list.
>
> Urs E. Gattiker
> CyTRAP Labs & CASEScontact.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/