Bugtraq: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled.

From: David Monosov <david.monosov_at_futureinquestion.net>
Date: Thu, 19 Feb 2004 16:14:04 +0100

To your attention: This comes from limited experience with one version of
the 9606 firmware (v3.0.3) on MasterSwitch 9xxx series, tested across many
of the devices:

Although an option is provided to disable telnet administratively via the Web
interface as well as the Telnet interface itself - telnet does *NOT*
actually get disabled.

It disables itself for a matter of approx +/- 20 seconds, and comes back as
if nothing ever happened. Repeated attempts to disable telnet access are
futile. The only effective method of preventing possible exploitation seems
to be filtering port 23 on the network level. This seems to be another
firmware issue.

Please check your APCs using 9606, your sense of security from disabling
telnet might be false :(

---
David 'wEEkAY' Monosov
david dot monosov at futureinquestion dot net
Received on Feb 19 2004
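
One way to run the check the post asks for, as an added example that is not part of the original message: start it right after setting telnet to disabled, and it polls TCP port 23 for longer than the roughly 20 seconds described, then reports whether the port came back. The function names, the 90-second window and the 5-second interval are assumptions chosen for illustration.

```python
import socket
import sys
import time


def tcp_port_open(host, port=23, timeout=2.0):
    """Return True if a plain TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable
        return False


def watch_port(probe, duration=90.0, interval=5.0,
               sleep=time.sleep, clock=time.monotonic):
    """Call probe() every `interval` seconds for `duration` seconds.

    Returns a list of (elapsed_seconds, is_open) samples.
    """
    start = clock()
    samples = []
    while True:
        elapsed = clock() - start
        samples.append((round(elapsed, 1), probe()))
        if elapsed >= duration:
            return samples
        sleep(interval)


def verdict(samples):
    """Classify a run started right after telnet was set to disabled."""
    states = [is_open for _, is_open in samples]
    if False not in states:
        return "never closed"
    after_close = states[states.index(False):]
    return "reopened" if True in after_close else "stayed closed"


if __name__ == "__main__":
    host = sys.argv[1]  # management card address, supplied by the operator
    result = watch_port(lambda: tcp_port_open(host))
    for elapsed, is_open in result:
        print(f"{elapsed:6.1f}s  port 23 {'OPEN' if is_open else 'closed'}")
    print("verdict:", verdict(result))
```

A "stayed closed" verdict from a host behind the port 23 filter only shows that the filter works; run it from inside the management network to see what the card itself does.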