Home page logo
/

bugtraq logo Bugtraq mailing list archives

MRV In-Reach console server: Port Access Control Bypass Vulnerability
From: spam () drwetter org
Date: 18 Jul 2005 15:20:28 -0000

Hi,

this is another bug I encountered during my research on console servers.

Summary:
Port Access Control Bypass Vulnerability on MRVs
In-Reach console servers.

Details:
MRV's In-Reach console servers come with feature that enables access to
their ports by ssh public keys. As opposed to e.g. standard password
based authentication it's not checked whether the user is allow to
access this port (note: on modern console servers you can set
port permissions on user basis). Research showed that port-based restrictions
were nullified which means that every user can access consoles of every
device hooked up if they were set up by the administrative account of the
console server to use ssh public key authentication.


Vulnerable Versions:
Tested on "Software Version 3.5.0", tested on InReach
LX-8000, 4000 and 1000 series.


Patches/Workarounds:
Vendor has released 3.5.1 which according to vendors information
should fix the issue (Rel-Notes of 3.5.1 and 3.5.0.1 however don't mention
it). For more info see http://service.mrv.com/support/index.cfm

Alternatively administrators on MRV In-Reach console servers should
not allow users using ssh public key based authentication.

Exploit:
Design Flaw, exploit not needed.


Cheers,
        Dirk


--
Dr. Dirk Wetter                                  http://drwetter.org
Consulting IT-Security + Open Source
Key fingerprint = 80A2 742B 8195 969C 5FA6  6584 8B6E 59C1 E41B 9153


  By Date           By Thread  

Current thread:
  • MRV In-Reach console server: Port Access Control Bypass Vulnerability spam (Jul 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault