[plug] [cert-advisory at cert.org: CERT Advisory CA-2001-08]

Simon Scott simon.scott at flexiplan.com
Wed Apr 11 11:34:56 WST 2001 

	I have one of these, but Im stupid

	What are they saying, that it is easy to get the 'challenge string'
and from it determine the password, and therefore someone online could enter
some low-level troubleshooting mode???






	From:	Jason Nicholls <jason at mindsocket.com.au> on 11-04-2001 11:22
AM
	Please respond to plug at plug.linux.org.au@SMTP at Exchange
	To:	plug at plug.linux.org.au@SMTP at Exchange
	cc:	 

	Subject:	[plug] [cert-advisory at cert.org: CERT Advisory
CA-2001-08]


	Interesting CERT Advisory today because these are the same ADSL
modems that
	Telstra use!

	----- Forwarded message from CERT Advisory <cert-advisory at cert.org>
-----

	From: CERT Advisory <cert-advisory at cert.org>
	Subject: CERT Advisory CA-2001-08
	Date: Tue, 10 Apr 2001 19:46:17 -0400 (EDT)

	CERT Advisory CA-2001-08 Multiple Vulnerabilities in Alcatel ADSL
Modems

	   Original release date: April 10, 2001
	   Last revised: --
	   Source: CERT/CC

	   A complete revision history can be found at the end of this file.

	Systems Affected

	     * Alcatel Speed Touch Home ADSL Modem
	     * Alcatel 1000 ADSL Network Termination Device

	Overview

	   The San Diego Supercomputer Center (SDSC) has recently discovered
	   several vulnerabilities in the Alcatel Speed Touch Asymmetric
Digital
	   Subscriber Line (ADSL) modem. These vulnerabilities are the
result of
	   weak authentication and access control policies and exploiting
them
	   will lead to one or more of the following: unauthorized access,
	   unauthorized monitoring, information leakage, denial of service,
and
	   permanent disability of affected devices.

	   The SDSC has published additional information regarding these
	   vulnerabilities at

	          http://security.sdsc.edu/self-help/alcatel/

	<snip>
	----- End forwarded message -----

	I'm not posting the whole lot, follow the link if this is a concern
to you.


	Later,

	Jason Nicholls
	--------------------------------------------------------------------
	Jason Nicholls    icq: 11745841    email: <jason at mindsocket.com.au>
	Proprietor                        mobile: 0417 410 811
	Mind Socket [web services]          http://www.mindsocket.com.au/
	--------------------------------------------------------------------



**********************************************************************
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they   
are addressed. If you have received this email in error please notify 
the system manager.

This footnote also confirms that this email message has been swept by 
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

More information about the plug mailing list