Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems

From: Tom Perrine (tepat_private)
Date: Mon Apr 16 2001 - 14:16:52 PDT

Next message: Warning3: "Re: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !"

Previous message: Albert Fu: "SSE074: (SCO) UnixWare 7 NTP buffer overflow fix"
In reply to: Mark (Mookie): "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Next in thread: Hugo van der Kooij: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> On Mon, 16 Apr 2001 04:14:05 -0700, "Mark (Mookie)" <markat_private> said:

    Mark> Weren't these issues actually discovered by Renaud Deraison in November 2000?
    Mark> He added code to his Nessus program to check for the problems and didn't
    Mark> consider it worth an advisory since the exploit depended on the IP 10.0.0.138
    Mark> being spoofable, possible on some ISPs who do VPNs that way but generally
    Mark> a lower risk than the full internet range.

He found the null default password, see below.

    Mark> You'd think the normal process of informing the manufacturer to provide a
    Mark> window to have a patch available would be followed. Instead a few people
    Mark> were told, then the press and then CERT, sounds more like a PR stunt to me.

The manufacturer was notified before the French press got hold of the
story, from the French computer underground, while we were writing the
advisory, after I had sent a note to Alcatel.

    Mark> The value add tools are useful but the manuafacturer could have offered a
    Mark> better fix than binary patching etc. Sounds like too much time was spent on a
    Mark> nowhere issue.

Read the redacted text in the Alcatel media release for fun :-)

http://morons.org/articles/1/188

(Thanks to Jericho for pointing this out to me.)

    Mark> Mark.
    Mark> All your japboy are belong to us.

Aside from the personal attacks, perhaps you should check the facts. I
did.

The nearly-identical post (yours?) on slashdot
(http://slashdot.org/comments.pl?sid=01/04/11/1249209&cid=69) posted
at Wednesday April 11, @09:20AM EST was almost immediately refuted by
Renaud Deraison himself:
http://slashdot.org/comments.pl?sid=01/04/11/1249209&threshold=1&commentsort=0&mode=thread&pid=110#111
posted at Wednesday April 11, @10:40AM EST

I verified this information with Renaud, receiving a reply to my
message at Thu, 12 Apr 2001 00:04:07 +0200.  He said he posted the
note on Slashdot, but said it was moderated too low for people to
easily see.

It seems a little strange to be posting this rumor, 4 days after it
was proven false, but I see no reason to question your motives.

--tep

p.s.  I *still* *like* the Alcatel Speed Touch Home.  It is still
connecting my home network, despite being offered other devices since
the advisory went out.

They just need to fix a few problems.  Just like *every* other vendor.

Next message: Warning3: "Re: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !"
Previous message: Albert Fu: "SSE074: (SCO) UnixWare 7 NTP buffer overflow fix"
In reply to: Mark (Mookie): "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Next in thread: Hugo van der Kooij: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 02:33:59 PDT