Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
From: James Green <james@xxxxxxxxxxxxxxxx>
Date: Tue, 17 Feb 2004 22:56:58 +0000
In-reply-to: <OF655033A0.B934768B-ON03256E3D.00631297-03256E3D.00657440@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: StealthNET Ltd
References: <OF655033A0.B934768B-ON03256E3D.00631297-03256E3D.00657440@xxxxxxxxxxxxxxx>
User-agent: KMail/1.5.4

On Tuesday 17 Feb 2004 6:23 pm, thiago.vazquez@xxxxxxxxxxxx wrote:
> We have many products from APC and we've tested that vulnerability in some
> of them and ..... following are the results.

[ snip ]

According to a Matias Kvaternik at APC (US) today, the bug was discovered 
after the AP9606 was discontinued (we bought some less than one year ago), 
and the engineering team has "no fix in the pipeline". He advises us to 
switch off telnet access.

I would imagine most APC products are installed to last for a good three to 
six years - upgrading power hardware is probably about as practical as 
upgrading a load of networking equipment. I'm surprised, indeed disappointed, 
that APC doesn't appear to provide critical security fixes for these 
discontinued products; although I do only speak from very limited experience 
of APC.

James Green

Follow-Ups:
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
  - From: Tom
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
  - From: Keith Clifton
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
  - From: Frank Louwers

References:
- Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
  - From: thiago . vazquez

Prev by Date: Smallftpd 1.0.3 DoS
Next by Date: Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
Previous by thread: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
Next by thread: Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
Index(es):
- Date
- Thread