Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems

From: Joey Hess (joeyat_private)
Date: Wed Apr 11 2001 - 19:07:24 PDT

Next message: Alan Coopersmith: "Re: Solaris Xsun buffer overflow vulnerability"

Previous message: Progeny Security Team: "PROGENY-SA-2001-04: OpenSSH subject to traffic analysis"
Next in thread: teespy: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Reply: teespy: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Reply: Tom Perrine: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Reply: Hugo van der Kooij: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here's one way to disable the backdoor: I used the EXPERT login to download
/active/ip.ini by ftp, removed all the apadd and rdadd lines, turned off
forwarding for good measure, and re-uploaded it. After resetting the device,
I can't ping it or connect to it on any port, and yet it still functions as
a DSL modem. I suppose this closes all the holes except DSLAM access.

--
see shy jo

Next message: Alan Coopersmith: "Re: Solaris Xsun buffer overflow vulnerability"
Previous message: Progeny Security Team: "PROGENY-SA-2001-04: OpenSSH subject to traffic analysis"
Next in thread: teespy: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Reply: teespy: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Reply: Tom Perrine: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Reply: Hugo van der Kooij: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 02:40:50 PDT