Phenoelit Advisory 0815 ++ ** Ascend

From: kim0 (kim0at_private)
Date: Sat Jul 27 2002 - 03:08:41 PDT

    -- 
                kim0   <kim0at_private>
            Phenoelit (http://www.phenoelit.de)
    90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42
    
    
    Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +--->
    
    [ Authors ]
    	FX		<fxat_private>
    	kim0 		<kim0at_private>	
    
    	Phenoelit Group	(http://www.phenoelit.de)
    	Advisory http://www.phenoelit.de/stuff/Lucent_Ascend.txt
    
    [ Affected Products ]
    	Lucent    
    			Pipeline, MAX, DSL-Terminator. (Formerly known under
    			Ascend Router product line)
    
    	Not vulnerable: MAX TNT
    
    	Lucent Bug ID:	Not assigned
    
    [ Vendor communication ]
            06/28/02        Reply to inquiry regarding "who to notify"
            06/29/02        Initial Notification
                            *Note-Initial notification by phenoelit
                            includes a cc to certat_private by default
            06/29/02        Human response ack. the receipt.
            07/06/02        Weekly Follow-up by central POC
                            at Lucent (Right on Time!)
            07/08/02        Additional technical discussions
            07/19/02        Notification of intent to post publicly in
                            approx. 7 days.
    
    [ Overview ]
    	The product line formerly known under the name of "Ascend" running 
    	the TAOS Operating System provides an easy to use and support 
    	interface. This interface includes an undocumented protocol that 
    	provides an easy method to identify and query the devices. (similar 
    	to the Cisco CDP problem but remote).
    	
    [ Description ]
    	When sending a crafted UDP packet to the device's UDP discard port (9),
    	the device will answer with a packet containing valuable information 
    	such as the host's name, MAC, IP address of the Ethernet Interface,
    	Serial number, device type and installed features. By sending a packet 
    	with the SNMP WRITE community, a remote attacker can change the device's 
    	IP address, netmask or name.
    
    [ Example ]
    	linux# irpas/dfkaa 192.168.1.11    
    	DFKAA - Devices Formerly Known As Ascend
    	FX <fxat_private> - http://www.phenoelit.de/
    	$Revision: 1.22 $ - IRPAS Build XL
    	(c) 2001++
    
    	>>ascend<< 
            	[Probe response]
    	        ADP version:    2
    	        *MAC addr:      00:C0:7B:89:DD:86
    	        IP addr:        192.168.1.11/255.255.255.0
    	        *Serial number: 9990826374
    	        Device type:    Ascend Pipeline 75
    	        Features:       0004 0030 0140 0000
    	*Device serial number and MAC have been changed.
    
    
    [ Solution ]
    	None known at this time. 
    
    [ end of file ]
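
A detection sketch for the behaviour in [ Description ], added here and not part of the Phenoelit advisory or the IRPAS tools: a discard service (RFC 863) never sends data back, so any UDP packet sourced from port 9 marks a device answering this kind of query. The flow-record format, the sample records and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample flow records: time proto src:sport dst:dport bytes
SAMPLE_FLOWS = """\
2002-07-27T10:00:01 udp 203.0.113.5:40211 192.168.1.11:9 64
2002-07-27T10:00:01 udp 192.168.1.11:9 203.0.113.5:40211 118
2002-07-27T10:00:07 udp 192.168.1.20:51000 192.168.1.30:9 512
2002-07-27T10:00:09 udp 192.168.1.40:53 192.168.1.20:33000 90
2002-07-27T10:05:00 udp 192.168.1.12:9 198.51.100.7:1055 120
"""

DISCARD_PORT = 9
WINDOW = timedelta(seconds=5)  # assumed request/reply pairing window


def parse(line):
    """Split one constructed flow record into typed fields."""
    ts, proto, src, dst, size = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), proto, sip, int(sport), dip, int(dport), int(size)


def find_discard_replies(text):
    """Alert on every UDP packet sent *from* port 9 and note who asked for it."""
    pending = {}  # (client ip, client port, device ip) -> time of packet to UDP/9
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proto, sip, sport, dip, dport, size = parse(line)
        if proto != "udp":
            continue
        if dport == DISCARD_PORT:
            pending[(sip, sport, dip)] = ts
        if sport == DISCARD_PORT:
            asked = pending.get((dip, dport, sip))
            solicited = asked is not None and ts - asked <= WINDOW
            alerts.append({"time": ts.isoformat(), "device": sip, "peer": dip,
                           "bytes": size, "solicited": solicited})
    return alerts


if __name__ == "__main__":
    for alert in find_discard_replies(SAMPLE_FLOWS):
        print(alert)
```

A reply with `solicited` set to false means the triggering packet was not seen at the capture point, which is worth checking against sensor placement.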
    


