This vulnerability has been patched successfully by the vendor as tests by
various parties have demonstrated, more details here:
http://cytrap.eu/blog/?p=133
Happy Holidays
Urs E. Gattiker
CyTRAP Labs and www.CASEScontact.org
At 21:23 2006-10-04, you wrote:
>------------------------------
>
>Message: 2
>Date: Wed, 04 Oct 2006 13:56:27 +0200
>Subject: [Full-disclosure] Tele2 - Versatel and Vivendi - exploit
>To: full-disclosure_at_lists.grok.org.uk
>Message-ID: <7.0.1.0.0.20061004095637.05222f10_at_WebUrb.dk>
>Content-Type: text/plain; charset="us-ascii"; format=flowed
>
>Tele 2 has recently announced that it is selling its Benelux assets
>to Versatel and yesterday it informed the media that it intends to do
>the same with its French assets, selling those to Vivendi.
>
>The company that touts itself as providing economical broadband and
>telecommunication services does, however, have a slight problem
>regarding information security.
>
>A vulenrability is being taken advantage off by various groups of
>people and, in turn, this could harm home users that receive their
>broadband and fixed-line services from Tele2.
>
>In fact, several security features can be de-activated allowing a
>malicious user to take control of a user's PC, his broadband
>connection as well as his phone line as described here with a screen shot:
>
>http://cytrap.eu/blog/?p=57
>
>This is another example where user's face risks regarding their
>internet connection they might not even be aware of. Another one of
>those is the recent Fon example also circulated on this list.
>
>Urs E. Gattiker
>CyTRAP Labs & CASEScontact.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Dec 21 2006
Intro
