IBM TotalStorage DS400 Remote Telnet Backdoor Vulnerability
TITLE: IBM TotalStorage DS400 Remote Telnet Backdoor Vulnerability
CLASS: Design Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 13 2007 07:09PM
CREDIT: Knud Erik Højgaard <kokanin@gmail.com> discovered this issue.
VULNERABLE:
IBM TotalStorage DS400 4.15NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
IBM TotalStorage DS400 is prone to a remote telnet backdoor vulnerability. This issue is due to an undocumented telnet server and accounts without passwords potentially being present in affected devices.
Successfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices.
This issue affects devices with firmware version 4.15 installed; other versions may also be affected.
Exploit
Attackers can use a telnet client to exploit this issue.
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References: