Раскрытие информации в ClarkConnect broadband gateway
| Дата публикации: | 03.03.2003 |
| Всего просмотров: | 2147 |
| Опасность: | |
| Наличие исправления: | |
| Количество уязвимостей: | 1 |
| CVE ID: | Нет данных |
| Вектор эксплуатации: | |
| Воздействие: | |
| CWE ID: | Нет данных |
| Наличие эксплоита: | Нет данных |
| Уязвимые продукты: | |
| Описание: | Уязвимость обнаружена в ClarkConnect broadband gateway. Программное обеспечение шлюза может раскрыть информацию о системе удаленному пользователю.
Удаленный пользователь может подключится к 'clarkconnectd' службе (/usr/sbin/clarkconnectd) на 10005 TCP порту, чтобы получить информацию о системе. Удаленный пользователь может представить один из следующих символов, сопровождаемых несколькими знаками смещения на одну строку, чтобы получить различную информацию: "A" - date and time on server "F" - some unknown number "M" - various ifconfig output "P" - process listing "Y" - snort log file "b" - /var/log/messagesНесколько примеров:
[1]=20
eth0 00:50:56:40:89:1F 10.0.0.124 255.255.255.0 none 00:00:00:00:00:00 =
0.0.0.0 0.0.0.0 10.0.0.1-eth0 212.242.40.3 0.0.0.0 -- -- -- --:--:-- -- =
-- -- --:--:--
[2]=20
root 1 0.0 0.0 1308 76 ? S Jan28 0:34 init
root 2 0.0 0.0 0 0 ? SW Jan28 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SW Jan28 0:00 [kapmd]
root 4 0.0 0.0 0 0 ? SWN Jan28 0:00 [ksoftirqd_CPU0]
root 5 0.0 0.0 0 0 ? SW Jan28 0:44 [kswapd]
root 6 0.0 0.0 0 0 ? SW Jan28 0:00 [bdflush]
root 7 0.0 0.0 0 0 ? SW Jan28 0:02 [kupdated]
root 8 0.0 0.0 0 0 ? SW Jan28 0:00 [mdrecoveryd]
root 16 0.0 0.0 0 0 ? SW Jan28 0:34 [kjournald]
root 135 0.0 0.0 0 0 ? SW Jan28 0:00 [kjournald]
root 481 0.0 0.0 1364 164 ? S Jan28 0:33 syslogd -m 0
root 486 0.0 0.0 1912 168 ? S Jan28 0:21 klogd -c 1 -2
root 560 0.0 0.1 2568 312 ? S Jan28 0:04 /usr/sbin/sshd
root 609 0.0 0.0 1472 120 ? S Jan28 0:20 crond
root 639 0.0 0.0 4816 4 ? S Jan28 0:00 smbd -D
root 644 0.0 0.2 3784 384 ? S Jan28 0:42 nmbd -D
root 706 1.7 10.8 51748 20760 ? S Jan28 21:22 snort -D
root 766 0.0 0.0 5248 60 ? S Jan28 0:25 webconfig -f =
/var/webconfig/conf/httpd.conf
root 771 0.0 0.0 1280 4 tty2 S Jan28 0:00 /sbin/mingetty tty2
root 772 0.0 0.0 1280 4 tty3 S Jan28 0:00 /sbin/mingetty tty3
root 773 0.0 0.0 1280 4 tty4 S Jan28 0:00 /sbin/mingetty tty4
root 774 0.0 0.0 1280 4 tty5 S Jan28 0:00 /sbin/mingetty tty5
root 775 0.0 0.0 1280 4 tty6 S Jan28 0:00 /sbin/mingetty tty6
root 2972 0.0 0.0 2224 4 ? S Jan28 0:00 login -- root=20
root 12050 0.0 0.3 2392 700 tty1 S Jan28 0:02 -bash
502 5338 0.0 0.1 5392 380 ? S Jan28 0:16 webconfig -f =
/var/webconfig/conf/httpd.conf
502 5403 0.0 0.1 5288 244 ? S Jan28 0:01 webconfig -f =
/var/webconfig/conf/httpd.conf
suva 5567 0.0 0.4 2416 932 ? S Jan28 0:00 /usr/local/suva/bin/suvad
root 7667 0.0 2.0 5388 3984 ? S Jan28 0:12 netwatchd
root 9897 0.0 0.2 1468 420 ? S 00:07 0:07 clarkconnectd
root 31066 0.5 0.8 3516 1712 ? S 13:06 0:01 /usr/sbin/sshd
kain 31067 0.1 0.6 2380 1280 pts/0 S 13:06 0:00 -bash
root 31127 0.0 0.5 2264 1008 pts/0 S 13:06 0:00 su -
root 31128 0.2 0.6 2396 1304 pts/0 S 13:06 0:00 -bash
root 31250 0.1 0.2 1484 448 ? S 13:09 0:00 clarkconnectd
root 31251 1.0 0.4 2056 844 pts/0 S 13:09 0:00 telnet localhost 10005
root 31252 0.0 0.2 1484 428 ? S 13:09 0:00 clarkconnectd
root 31257 0.0 0.5 2168 968 ? S 13:09 0:00 sh -c /bin/ps auxw | sed "s/[ =
][ ]*/ /g"
root 31258 0.0 0.3 2532 680 ? R 13:09 0:00 /bin/ps auxw
root 31259 0.0 0.1 1336 372 ? S 13:09 0:00 sed s/[ ][ ]*/ /g
[3]
Jan-28-2000 01:35:40 last message repeated 2 times
Jan-28-2000 01:37:40 last message repeated 2 times
Jan-28-2000 01:38:40 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:40:04 sshd Accepted password for kain from 217.157.2.38 =
port 4624 ssh2
Jan-28-2000 01:40:14 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:41:14 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:43:14 last message repeated 2 times
Jan-28-2000 01:45:14 last message repeated 2 times
Jan-28-2000 01:47:14 last message repeated 2 times
Jan-28-2000 01:49:14 last message repeated 2 times
Jan-28-2000 01:50:41 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:52:41 last message repeated 2 times
Jan-28-2000 01:54:41 last message repeated 2 times
Jan-28-2000 01:56:41 last message repeated 2 times
Jan-28-2000 01:57:42 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-28-2000 01:59:42 last message repeated 2 times
Jan-28-2000 02:01:08 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 11:16:36 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 11:18:36 last message repeated 2 times
Jan-29-2000 11:20:36 last message repeated 2 times
Jan-29-2000 11:22:37 last message repeated 2 times
Jan-29-2000 11:24:37 last message repeated 2 times
Jan-29-2000 11:26:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:01:09 last message repeated 2 times
Jan-29-2000 12:02:09 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:04:10 last message repeated 2 times
Jan-29-2000 12:06:10 last message repeated 2 times
Jan-29-2000 12:07:23 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:09:23 last message repeated 2 times
Jan-29-2000 12:11:23 last message repeated 2 times
Jan-29-2000 12:13:23 last message repeated 2 times
Jan-29-2000 12:14:24 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:16:24 last message repeated 2 times
Jan-29-2000 12:17:37 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:19:37 last message repeated 2 times
Jan-29-2000 12:59:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 12:59:25 sshd fatal: Timeout before authentication for =
217.157.2.38.
Jan-29-2000 13:00:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:01:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:03:10 last message repeated 2 times
Jan-29-2000 13:05:10 last message repeated 2 times
Jan-29-2000 13:06:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:06:24 sshd Accepted password for kain from 217.157.2.38 =
port 1526 ssh2
Jan-29-2000 13:07:10 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:08:15 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:10:15 last message repeated 2 times
Jan-29-2000 13:12:15 last message repeated 2 times
Jan-29-2000 13:13:16 snort [1:469:1] ICMP PING NMAP [Classification: =
Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.124 -> 10.0.0.1
Jan-29-2000 13:15:16 last message repeated 2 times
STOP
------=_NextPart_000_003B_01C2DC6C.9392DF10--
Уязвимость обнаружена в ClarkConnect 1.2
|
| Ссылки: | clarkconnect(d) information disclosure |