NetStructure 7110 Undocumented Password Vulnerability
BID:1182
Info
NetStructure 7110 Undocumented Password Vulnerability
| Bugtraq ID: | 1182 |
| Class: | Access Validation Error |
| CVE: |
CVE-2000-0384 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 08 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | This vulnerability was published to the Bugtraq mailing list by @Stake Inc. / L0pht Research Labs on May 8, 2000. |
| Vulnerable: |
Intel Corporation NetStructure 7110 |
| Not Vulnerable: | |
Discussion
NetStructure 7110 Undocumented Password Vulnerability
NetStructure (formerly known as Ipivot Commerce Accelerator) is a multi-site traffic director. This internet equipment is designed for businesses with multiple Web site locations, routing traffic to the best available site from a single URL. Certain revisions of this package have an undocumented supervisor password.
This password, which grants access to the 'wizard' mode of the device, is derived from the MAC address of the primary NIC. This MAC address is displayed in the login banner.
This password can be utilized from the admin console locally (via a serial interface) or remotely if the machine has been deployed with a modem for remote access. With this password an intruder gains shell access to the underlying UNIX system and may sniff traffic, among other things.
NetStructure (formerly known as Ipivot Commerce Accelerator) is a multi-site traffic director. This internet equipment is designed for businesses with multiple Web site locations, routing traffic to the best available site from a single URL. Certain revisions of this package have an undocumented supervisor password.
This password, which grants access to the 'wizard' mode of the device, is derived from the MAC address of the primary NIC. This MAC address is displayed in the login banner.
This password can be utilized from the admin console locally (via a serial interface) or remotely if the machine has been deployed with a modem for remote access. With this password an intruder gains shell access to the underlying UNIX system and may sniff traffic, among other things.
Exploit / POC
NetStructure 7110 Undocumented Password Vulnerability
An exploit has been made available.
An exploit has been made available.
Solution / Fix
NetStructure 7110 Undocumented Password Vulnerability
Solution:
Intel has created a patch for this issue. Instructions for obtaining this patch can be found at:
http://216.188.41.136/
Solution:
Intel has created a patch for this issue. Instructions for obtaining this patch can be found at:
http://216.188.41.136/
References
NetStructure 7110 Undocumented Password Vulnerability
References:
References: