Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: (ASCEND) ** >= Ascend 5.0A SECURITY ALERT **
From: kevin () ASCEND COM (Kevin Smith)
Date: Wed, 26 Feb 1997 18:50:16 -0800


This issue has been assigned immediately to high-priority problem report for
tracking - engineering are currently working on a fix and formulating advise
for a short-term workaround (filters).

TR#1921 - Max4000 (ti) resets - FE1 - 5.0Ap1(telnetting to port 150)
SW Version: 5.0Ap1
Status: Open      Assign: Engineering      Priority: High
---------------------------------------------------------------------------
-------------------

o Hardware/Software
Max4000 running 5.0Ap1 (ti.m40)

o Problem description
Customer is telnetting to port 150 on Max4000.
He gets a login prompt and enters a valid user name/password.
He gets access to terminal server.
By entering some commanda, he can cause the Max to reset with an FE1.

From earlier:

FYI, port 150 is not undocumented. It is described in the 5.0a release
notes on page 59 of the Max/T1 manual and page 62 of the Max/E1 manual.

It was also introduced months ago in an incremental release. I'm sure our
support engineers are working on the bug you reported and will soon have a
fix.


Matt Holdrege  -  http://www.ascend.com  -  mholdrege () ascend com

At 03:18 PM 2/26/97 -0800, Kit Knox wrote:
-----BEGIN PGP SIGNED MESSAGE-----


** IMPORTANT - PLEASE READ *********************************************

There exists a new feature in the 5.0A series of releases for the MAX which
allow a user to reboot your Ascend MAX at will.  This is done via an
undocumented login entry point that has been introduced without notice to
the public by Ascend.

Users can telnet to a max on port 150 and the Max will act as though the
call came in via a T1 etc.  Using this and another bug a user can cause the
max to reboot.  The exact sequence to cause the reboot has been reported to
Ascend and I am waiting for an official response.  After a fix has been made
available I will immediatly release the details.  In the meantime it is
HIGHLY reccomended that you filter access for incoming tcp to port 150.

If you are not running 5.0A or above please report back to the list if your
max accepts a telnet to port 150 so we can figure out which release this
"feature" was introduced silently.

The Max's seem to now also answer on port 1723.  Anyone know what this is
used for?

This whole thing smells of the non-zero length tcp offsets bug from awhile
back.  Sigh.

************************************************************************

=========================================================================
Kit Knox - <kit () connectnet com> - System Administrator - Finger for Key
CONNECTnet INS, Inc. - 6370 Lusk Blvd Ste F#208 - San Diego, CA 92121
(619) 638-2020 - (619) 638-2024 Voicemail/Pager - (619) 450-3216 FAX
Key fingerprint =  6F E3 79 52 10 6B AB 08  FF 4D 11 51 2A A6 26 2B
=========================================================================


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMxTEmgQB0nvJDyi5AQHTDgP/eOhWj8HXx+kcw2rCgilA17OOGPbz4Rwo
/ijMMkLvGSGr/a72ZI6+h9/zfSUpFe+sjg9pqVxsestDX7hDQYgyykK+OmCXrPQc
6oyhmu04XADOXRAyeGA78rImnMOSOYLB/wVEL9j43JXnxVNFqjqZ78jASFLZmx9X
bYS8amtxLGE=
=gVlV
-----END PGP SIGNATURE-----

++ Ascend Users Mailing List ++
To unsubscribe:        send unsubscribe to ascend-users-request () bungi com
To get FAQ'd:  <http://www.shore.net/~dreaming/ascend-faq>
or             <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>


Kevin Smith                              Updated Service and Support
Senior Technical Support Engineer        Resources are now at:
Customer Satisfaction
Ascend Communications                    http://www.ascend.com/service



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]