Home page logo

bugtraq logo Bugtraq mailing list archives

** >= Ascend 5.0A SECURITY ALERT **
From: kit () CONNECTNET COM (Kit Knox)
Date: Wed, 26 Feb 1997 15:18:36 -0800


** IMPORTANT - PLEASE READ *********************************************

There exists a new feature in the 5.0A series of releases for the MAX which
allow a user to reboot your Ascend MAX at will.  This is done via an
undocumented login entry point that has been introduced without notice to
the public by Ascend.

Users can telnet to a max on port 150 and the Max will act as though the
call came in via a T1 etc.  Using this and another bug a user can cause the
max to reboot.  The exact sequence to cause the reboot has been reported to
Ascend and I am waiting for an official response.  After a fix has been made
available I will immediatly release the details.  In the meantime it is
HIGHLY reccomended that you filter access for incoming tcp to port 150.

If you are not running 5.0A or above please report back to the list if your
max accepts a telnet to port 150 so we can figure out which release this
"feature" was introduced silently.

The Max's seem to now also answer on port 1723.  Anyone know what this is
used for?

This whole thing smells of the non-zero length tcp offsets bug from awhile
back.  Sigh.


Kit Knox - <kit () connectnet com> - System Administrator - Finger for Key
CONNECTnet INS, Inc. - 6370 Lusk Blvd Ste F#208 - San Diego, CA 92121
(619) 638-2020 - (619) 638-2024 Voicemail/Pager - (619) 450-3216 FAX
Key fingerprint =  6F E3 79 52 10 6B AB 08  FF 4D 11 51 2A A6 26 2B

Version: 2.6.2


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]