MTPSR1-120 Firewall Proxy configuration software

From: UkR security team™ (cuctemaat_private)
Date: Tue Dec 10 2002 - 20:39:21 PST

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files"

Previous message: Rob klein Gunnewiek: "proftpd <=1.2.7rc3 DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Product     :  MTPSR1-120 Firewall Proxy configuration 
software
Version	    :  3.0
Vendor      :  Multi-Tech Systems, Inc. 
(http://www.multitech.com)
Remote      :  Yes
Author      :  UkR-XblP (cuctemaat_private)/ UkR security team 

Overview:
Firewall Proxy configuration software default do not set a 
Firewall password and allow access via telnet protocol. As 
a result, the telnet port will be left exposed to 
unrestricted remote access. Remote users 
with malicious intent will be able to access the Firewall 
to change varius configs, such as IP, PPP/SLIP, WAN, 
Proxy, DHCP, Virtual Server or reset Firewall. Attackers 
can set their password, block webserver and registered 
users don't can login for change changes remote.

Solution:
Set the  password after setup and desirable to disable 
telnet access.
---
Professional hosting for everyone - http://www.host.ru

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files"
Previous message: Rob klein Gunnewiek: "proftpd <=1.2.7rc3 DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 17:44:46 PST