[NEWS] Arescom NetDSL 800 Authentication Flaw

From: support@securiteam.com
Date: 02/09/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Sat,  9 Feb 2002 16:22:29 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Arescom NetDSL 800 Authentication Flaw
------------------------------------------------------------------------

SUMMARY

The
<http://www.arescom.com/New/Products%20Page/Stored%20Products%20Pages/NetDSL800U%20Page/NetDSL800U.htm> Arescom NetDSL 800, by default has no configured any kind of authentication, allowing any intruder to log in.

DETAILS

Example:

# telnet 20x.4x.1x.1x8
Trying 20x.4x.1x.1x8...
Connected to 20x.4x.1x.1x8.
Escape character is '^]'.

         ND1060VE-TFA Copyright by ARESCOM 2000

Login Success!
NetDSL>?

                     ******* Console Help Menu *******
Available Command:

add add objects in table
connect start the connection
delete delete objects in table
disconnect disconnect modem connection
help display this menu again
quit quit the system
reboot reboot the router
reset reset the configuration, and reboot
save save the configuration
set set system parameters
show display system status
test system test
upgrade upgrade the firmware via FTP, TFTP and XMODEM

NetDSL>

ADDITIONAL INFORMATION

The information has been provided by <mailto:powertech@ezkracho.com.ar>
Powertech.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [UNIX] Multiple Buffer Overflows in PostgreSQL
    ... shell> pgsql template1 postgres ... The connection to the server was lost. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • Re: Connecting a remote workstation to a domain
    ... I have also selected not to dial an initial connection before ... I assume the CEO does not have a workstation available at the main office, ... remark that you will have to reboot the workstation. ... After the login script has finished and if you have Premium, ...
    (microsoft.public.windows.server.sbs)
  • Re: Connecting a remote workstation to a domain
    ... Even setting up a low end workstation in the ... I have also selected not to dial an initial connection before ... remark that you will have to reboot the workstation. ... After the login script has finished and if you have Premium, ...
    (microsoft.public.windows.server.sbs)
  • Re: this sucks/connection issue
    ... just the same but now i lost my internet connection. ... network resources. ... it was dected and reinstalled on reboot, ...
    (alt.os.windows-xp)
  • Re: this sucks/connection issue
    ... the same but now i lost my internet connection. ... computer is not visible on the network, i might be screwed but oh ... it was dected and reinstalled on reboot, ... Yes my cable is nice and secure, modem and router is fine, as I am ...
    (alt.os.windows-xp)