Fwd: multiple vulnerabilities in Alcatel ADSL-Ethernet bridge devices




http://www.securityfocus.com/templates/archive.pike?fromthread=0&list=1&threads=0&mid=175229&start=2001-04-08&end=2001-04-14&

===SNIP===

To:		BugTraq
Subject:	multiple vulnerabilities in Alcatel Speed Touch DSL modems
Date:		Tue Apr 10 2001 00:33:22
Author:		Tom Perrine < tep@sdsc.edu >
Message-ID:	<200104100733.AAA18729@lart>

-----BEGIN PGP SIGNED MESSAGE-----


Subject: multiple vulnerabilities in Alcatel ADSL-Ethernet bridge devices


I. Summary

Researchers associated with the San Diego Supercomputer Center at the
University of California, San Diego have identified multiple
implementation flaws in the Alcatel Speed Touch ADSL "modem" (actually
an ADSL-Ethernet router/bridge).  These flaws can allow an intruder to
take complete control of the device, including changing its
configuration, uploading new firmware, and disrupting the
communications between the telephone central office providing ADSL
service and the device.

These flaws allow the following malicious actions:

* changing the device's configuration such that the device can no
  longer be accessed;

* disabling the device, either temporarily or permanently (requiring
  return of the device to the manufacturer); and

* installation of malicious code, such as a network sniffer
  to gather local LAN traffic (that is not being bridged) and
  making the box more easily/covertly remotely accessible.

One of the more interesting discoveries was a cryptographic
challenge-response back door that completely bypasses any password
that a user may have set on the device.

All testing to date has been done in LLC/SNAP bridge mode.  Routing
mode was not tested.  There may be other flaws that are easier to
exploit in that mode.

[..]

===SNAP===