ZyXEL Prestige Router Remote Node Filtering Vulnerability still present

From: Bernardo Pons (master@atlas-iap.es)
Date: Thu Jul 11 2002 - 12:13:00 PDT

Next message: Paul Schmehl: "Re: Tiny Software and Sygate contact"

Previous message: SGI Security Coordinator: "IRIX DNS resolver vulnerability"
Next in thread: Daniel Roethlisberger: "Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present"
Reply: Daniel Roethlisberger: "Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

bugtraq id 3162: "When more than one remote node filtering rule is applied, the first filtering rule
is the only one that takes effect."

Although bugtraq id 3162 reports that ZyXel released a firmware update 2.50(AL.1) to fix this
vulnerability for the Prestige 642 routers it seems this bug is still present in new firmware
versions.

This configuration has been tested and still has the bug.

Router: ZyXEL 642R-13 (642R-I ADSL over ISDN)
Routing: IP
ZyNOS F/W Version: V2.50(AL.2) | 8/30/2001
ADSL Chipset Vendor: Alcatel, Version  2.5.7

--
Bernardo Pons

Next message: Paul Schmehl: "Re: Tiny Software and Sygate contact"
Previous message: SGI Security Coordinator: "IRIX DNS resolver vulnerability"
Next in thread: Daniel Roethlisberger: "Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present"
Reply: Daniel Roethlisberger: "Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 20:44:04 PDT