[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Foundry DoS at login prompt

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Foundry DoS at login prompt
From: lists@DIE.NET
Date: Sat, 11 Nov 2000 23:42:15 -0800

In the release notes for Foundry code v07.1.09, I noticed the statement:

        If you entered a very long string when prompted for a Telnet
        password, then pressed Enter before the software timed out the
        access attempt, the device reset.

This functions exactly as it describes on FastIrons, BigIrons, and
ServerIrons I have access to running various versions of firmware.
If you can get to a login prompt, you can reload the device.

This does not appear to affect ssh logins, which recent versions of the
Foundry firmware support.

If you have any Foundry gear with externally visible IPs, make sure you
disable telnet or upgrade your firmware to the latest.  This is particularly
true if you use their load-balancer product, the ServerIron, which
also supposedly functions to keep your site highly available.

                                    -- Aaron

Prev by Date: Re: [hacksware] gbook.cgi remote command execution vulnerability [FIXED]
Next by Date: Unidentified subject!
Prev by thread: Re: [hacksware] gbook.cgi remote command execution vulnerability [FIXED]
Next by thread: Re: Foundry DoS at login prompt
Index(es):
- Date
- Thread