IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
BID:17698
Info
IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
| Bugtraq ID: | 17698 |
| Class: | Unknown |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 25 2006 12:00AM |
| Updated: | Apr 26 2006 08:56PM |
| Credit: | Ralph Moonen reported these vulnerabilities. |
| Vulnerable: |
IP3 Networks NA75 4.0.34 firmware |
| Not Vulnerable: | |
Discussion
IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
IP3 Networks NetAccess NA75 devices are susceptible to multiple local vulnerabilities:
- A command-injection vulnerability due to insufficient input-sanitization of user-supplied commands. This issue allows attackers to execute arbitrary shell commands in the underlying UNIX-based operating system.
- An encrypted-password information-disclosure vulnerability. This issue may aid attackers in brute-force password-guessing attacks.
- An insecure default-permissions vulnerability. This issue allows attackers to access or corrupt potentially sensitive information.
These issues are present in version 4.0.34 of the device's firmware; other versions may also be affected.
IP3 Networks NetAccess NA75 devices are susceptible to multiple local vulnerabilities:
- A command-injection vulnerability due to insufficient input-sanitization of user-supplied commands. This issue allows attackers to execute arbitrary shell commands in the underlying UNIX-based operating system.
- An encrypted-password information-disclosure vulnerability. This issue may aid attackers in brute-force password-guessing attacks.
- An insecure default-permissions vulnerability. This issue allows attackers to access or corrupt potentially sensitive information.
These issues are present in version 4.0.34 of the device's firmware; other versions may also be affected.
Exploit / POC
IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
Attackers use standard UNIX and network utilities to exploit these issues.
Attackers use standard UNIX and network utilities to exploit these issues.
Solution / Fix
IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
Solution:
The reporter of these issues states that the vendor has fixes available to address these issues. Symantec has not confirmed this.
Users of affected packages are encouraged to contact the vendor for further information. For support, see the following URI:
http://www.ip3.com/supportoverview.htm
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
The reporter of these issues states that the vendor has fixes available to address these issues. Symantec has not confirmed this.
Users of affected packages are encouraged to contact the vendor for further information. For support, see the following URI:
http://www.ip3.com/supportoverview.htm
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
References:
References:
- NA75 Product Page (IP3 Networks)
- Vendor Home Page (IP3 Networks)
- Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance ("Moonen, Ralph"