Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Compaq/Microcom 6000 DoS + more

Compaq/Microcom 6000 DoS + more

Microcom Support (supportMICROCOM.COM)
Wed, 3 Jun 1998 14:30:54 +0100

   Enclosed is a message that I sent to Compaq/Microcom's technical support
about their Microcom 6000 access integrators. There is a DoS as well as a
brute-force password attack on these systems. I received a canned reply from
their technical team, but have yet to hear anything else from them, and this was
early June. I spoke with their technical support on the phone, and the answer
to this problem is to turn off telnet access. That's it - there was a message
in their call reference that there are no plans to upgrade or modify the pShell
(pSOS). Just thought that people should know that Compaq/Microcom do not seem
to care about security, nor do they seem to care that security is an issue for
their customers. And I am assuming that since the 6000 Access Integrator is their
flagship model, these problems are present in all Access Integrator models.
   BTW: The OS versions that I reported in my letter to Microcom are incorrect.
I was reading the wrong information - the correct version is 4.0.13, and the
latest version of the software is 4.0.15 (and 5.0 is in beta, according to the
technician). There are no security changes from 4.0.13 to 4.0.15, AFAIK.

-----FW: <01BD8EFC.379275D0.supportmicrocom.com>-----

Date: Wed, 3 Jun 1998 14:30:54 +0100
From: Microcom Support <supportmicrocom.com>
To: "alecdakotacom.net" <alecdakotacom.net>
Subject: FW: Support Query

Additional:

If you wish to contact us with regard to this matter please quote Call
Ref#: 305752. The best people to talk to about this would be at :

Microcom Inc.
500 River Ridge Drive,
Norwood.
MA 02062

Hardware    : Tel +1 (781) 551-1313
Carbon Copy : Tel +1 (781) 551-1414
Fax         :     +1 (781) 551-1898
BBS         :     +1 (781) 551-4750
______________________

Thank you for bringing this matter to our attention. I have forwarded this
eMail to our central site products technical team who will address the
situation. We will contact you again in due course.

Best regards,

Microcom : Compaq Access Solutions Division.

Online Support - supportmicrocom.com
WWW - www.microcom.com
FTP - ftp.microcom.com

PLEASE INCLUDE THIS EMAIL IN ALL FUTURE COMMUNICATIONS ON THIS SUBJECT

-----Original Message-----
From:   alecdakotacom.net [SMTP:alecdakotacom.net]
Sent:   Wednesday, June 03, 1998 8:58 AM
To:     supportmicrocom.com
Subject:        Support Query

On Wednesday, June 3, 1998 at 03:58:02, the following data was submitted
from http://www.microcom.com/support/feedback/index.html

First Name               Alec
Middle Initial           A
Last Name                Kosky
Company                  Dakota Communications
Title                    System Admin/Programmer
Country                  United States
Email                    alecdakotacom.net
User Type                End User
Product                  CM6K-Series
Other Product
Software or Firmware Version pSOS
Operating System
Platform used
Query                       This set of comments/questions is directed to
the security guys. We currently use a Microcom 6100 Access Integrator, and
I believe the firmware/OS is subject to a possible denial of service
attack, as well as a possible brute force attempt to guess the password. I
believe the OS on the system is pSOS 6.02 for the MNC card and 6.01 for the
PRI card.
   The denial of service problem is this: there is no timeout when typing
in the username and password - from what I have seen, a user can make a
telnet connection to the MNC or PRI card and leave the connection open
indefinitely. If the user only has one connection open, then this is not a
problem. However, the system will not accept more than 4 telnet connections
at one time. Thus, a malicious user/hacker could open 4 telnet connections
to either (or both cards) and deny all legitimate connections to the card.
   The other problem is that the system does not close the connection after
a specified number of invalid login attempts. A program such as 'crack'
could be modified to work over a network and attempt to guess the
administrator's password.
   Neither of these is acceptable on any system, let alone a company's
flagship model. First, I would like to know if there is a firmware/OS
update (upgrade?) available to fix these problems, and second, if there is
no upgrade available, will one be available soon?

--------------End of forwarded message-------------------------

--Alec--
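
Added example, not part of the original post and not Microcom or pSOS code: a small model of the two controls the report says are missing, a pre-authentication login deadline and a per-connection limit on failed logins, applied to the 4-session cap described above. The class name, the 30-second deadline and the 3-failure limit are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MAX_SLOTS = 4          # from the report: at most 4 telnet sessions per card
LOGIN_TIMEOUT = 30.0   # assumed: seconds allowed to finish authenticating
MAX_FAILURES = 3       # assumed: bad passwords allowed per connection

@dataclass
class Session:
    opened_at: float
    failures: int = 0
    authenticated: bool = False

@dataclass
class LoginGate:
    """Hypothetical session table for a management login service."""
    sessions: dict = field(default_factory=dict)  # conn_id -> Session

    def reap(self, now):
        """Drop sessions still unauthenticated past the login deadline."""
        stale = [c for c, s in self.sessions.items()
                 if not s.authenticated and now - s.opened_at > LOGIN_TIMEOUT]
        for c in stale:
            del self.sessions[c]
        return stale

    def connect(self, conn_id, now):
        """Admit a connection if a slot is free after reaping stale ones."""
        self.reap(now)
        if len(self.sessions) >= MAX_SLOTS:
            return False
        self.sessions[conn_id] = Session(opened_at=now)
        return True

    def attempt(self, conn_id, ok, now):
        """Record a login attempt; returns 'ok', 'retry' or 'closed'."""
        self.reap(now)
        s = self.sessions.get(conn_id)
        if s is None:
            return "closed"
        if ok:
            s.authenticated = True
            return "ok"
        s.failures += 1
        if s.failures >= MAX_FAILURES:
            del self.sessions[conn_id]  # close after too many bad logins
            return "closed"
        return "retry"
```

With the deadline in place, idle pre-login sessions free their slots on their own, and authenticated sessions are never reaped by it.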