Date: Wed, 3 Jun 1998 14:30:54 +0100
From: Microcom Support <[email protected]>
To: [email protected]Subject: Compaq/Microcom 6000 DoS + more
Enclosed is a message that I sent to Compaq/Microcom's technical support
about their Microcom 6000 access integrators. There is a DoS as well as a
brute-force password attack on these systems. I received a canned reply from
their technical team, but have yet to hear anything else from them, and this was
early June. I spoke with their technical support on the phone, and the answer
to this problem is to turn off telnet access. That's it - there was a message
in their call reference that there is no plans to upgrade or modify the pShell
(pSOS). Just thought that people should know that Compaq/Microcom do not seem
to care about security, nor do they seem to care that security is an issue for
their customers. And I am assuming that since the 6000 Acess Integrator is their
flagship model, these problems are present in all Acess Integrator models.
BTW: The OS versions that I reported in my letter to Microcom are incorrect.
I was reading the wrong information - the correct version is 4.0.13, and the
latest version of the software is 4.0.15 (and 5.0 is in beta, according to the
technician). There are no security changes from 4.0.13 to 4.0.15, AFAIK.
-----FW: <[email protected]>-----
Date: Wed, 3 Jun 1998 14:30:54 +0100
From: Microcom Support <[email protected]>
To: "[email protected]" <[email protected]>
Subject: FW: Support Query
Additional:
If you wish to contact us with regard to this matter please quote Call
Ref#: 305752. The best people to talk to about this would be at :
Microcom Inc.
500 River Ridge Drive,
Norwood.
MA 02062
Hardware : Tel +1 (781) 551-1313
Carbon Copy : Tel +1 (781) 551-1414
Fax : +1 (781) 551-1898
BBS : +1 (781) 551-4750
______________________
Thank you for bringing this matter to our attention. I have forwarded this
eMail to our central site products technical team who will address the
situation. We will contact you again in due course.
Best regards,
Microcom : Compaq Access Solutions Division.
Online Support - [email protected]
WWW - www.microcom.com
FTP - ftp.microcom.com
PLEASE INCLUDE THIS EMAIL IN ALL FUTURE COMMUNICATIONS ON THIS SUBJECT
-----Original Message-----
From: [email protected] [SMTP:[email protected]]
Sent: Wednesday, June 03, 1998 8:58 AM
To: [email protected]Subject: Support Query
On Wednesday, June 3, 1998 at 03:58:02, the following data was submitted
from http://www.microcom.com/support/feedback/index.html
First Name Alec
Middle Initial A
Last Name Kosky
Company Dakota Communications
Title System Admin/Programmer
Country United States
Email [email protected]
User Type End User
Product CM6K-Series
Other Product
Software or Firmware Version pSOS
Operating System
Platform used
Query This set of comments/questions is directed to
the security guys. We currently use a Microcom 6100 Access Integrator, and
I believe the firmware/OS is subject to a possible denial of service
attack, as well as a possible brute force attempt to guess the password. I
believe the OS on the system is pSOS 6.02 for the MNC card and 6.01 for the
PRI card.
The denial of service problem is this: there is no timeout when typing
in the username and password - from what I have seen, a user can make a
telnet connection to the MNC or PRI card and leave the connection open
indefinitely. If the user only has one connection open, then this is not
problem. However, the system will not accept more than 4 telnet connections
at one time. Thus, a malicious user/hacker could open 4 telnet connections
to either (or both cards) and deny all legitimate connections to the card.
The other problem is that the system does not close the connection after
a specified number of invalid login attempts. A program such as 'crack'
could be modified to work over a network and attempt to guess the
administrator's password.
Neither of these are acceptable on any system, let alone a company's
flagship model. First, I would like to know if there is a firmware/OS
update (upgrade?) available to fix these problems, and second, if there is
no upgrade available, will one be available soon?
--------------End of forwarded message-------------------------
--Alec--
