Home page logo

bugtraq logo Bugtraq mailing list archives

Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance
From: "Moonen, Ralph" <Moonen.Ralph () kpmg nl>
Date: Mon, 24 Apr 2006 23:05:41 +0200

Multiple vulnerabilities have been identified in IP3 Networks
'NetAccess' NA75 appliance. 

KPMG recommends that owners of a NetAccess NA75 take steps to ensure the
security of the 
device, and that IP3 Networks is contacted to acquire the new firmware
that includes the 
patches for the issues described. IP3 Networks has requested that
customers contact IP3 
through http://www.ip3.com/supportoverview.htm.

Product:                NA75 and possibly others
Revision:               na-img-4.0.34.bin
Vendor Status:  notified, verified and patch available from 1 April 2006
Risk:                   High
Remote:         Yes
Local:          Yes


ISSUE 1: Various SQL injection vulnerabilities in the HTTP user
Due to the absence of user input validation, attackers can embed SQL
commands and queries 
into various HTTP forms. The impact of this is that attackers can login
into the unit by 
specifying username 'admin' and password ' OR "1=1';--. This issue has
been described in
 http://www.securityfocus.com/bid/9858 in 2004, and was reportedly fixed
by IP3 in firmware 
3.1.18b13. However, as can be seen from the above info, we have found
the vulnerability to 
be present in firmware 4.0.34. 

ISSUE 2: Unix command injection vulnerability in command line interface
Due to the absence of user input filtering in the command line
interface, attackers can 
embed Unix commands in certain parameters by passing the commands in the
unix shell 
substitution characters '`'.  

ISSUE 3: No mandatory default password change on first login
The default username and password 'admin'/'admin' do not have to be
changed at first 
login. This greatly increases the chance of the password remaining
'admin' after install. 

ISSUE 4: World readable shadow password file
The shadow password file contains the encrypted passwords for all users
on the system. 
Password crackers can be used on this file to obtain the plaintext
passwords for users.  

ISSUE 5: NetAccess database file world readable and writable
The permission settings on the NetAccess database file allow all unix
users read and 
write access to the file, thereby allowing potentially sensitive
customer information 
to be disclosed. 

Ralph Moonen, CISSP
Manager KPMG Information Risk Management
Amstelveen, The Netherlands

De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n) en zij die 
van de geadresseerde(n) toestemming hebben dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is verboden. 
De informatie in dit e-mailbericht (en de bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van 
een geheimhoudingsplicht.
KPMG is niet aansprakelijk voor schade ten gevolge van het gebruik van elektronische middelen van communicatie, 
daaronder begrepen -maar niet beperkt tot- schade ten gevolge van niet aflevering of vertraging bij de aflevering van 
elektronische berichten, onderschepping of manipulatie van elektronische berichten door derden of door 
programmatuur/apparatuur gebruikt voor elektronische communicatie en overbrenging van virussen en andere kwaadaardige 

Any information transmitted by means of this e-mail (and any of its attachments) is intended exclusively for the 
addressee or addressees and for those authorized by the addressee or addressees to read this message. Any use by a 
party other than the addressee or addressees is prohibited. The information contained in this e-mail (or any of its 
attachments) may be confidential in nature and fall under a duty of non-disclosure.
KPMG shall not be liable for damages resulting from the use of electronic means of communication, including -but not 
limited to- damages resulting from failure or delay in delivery of electronic communications, interception or 
manipulation of electronic communications by third parties or by computer programs used for electronic communications 
and transmission of viruses and other malicious code.


  By Date           By Thread  

Current thread:
  • Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance Moonen, Ralph (Apr 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]