Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)
On Tue, 17 Mar 1998, Joe Shaw wrote:
> Date: Tue, 17 Mar 1998 09:57:25 -0600 (CST)
> From: Joe Shaw <jshaw@insync.net>
> To: Phillip Vandry <vandry@Mlink.NET>
> Cc: ascend-users@bungi.com
> Subject: Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)
>
> > > 01. Ascend Kill II - C version
> > > 02. Ascend Kill II - Ballista "cape" version
> > > 03. SNI-26: Ascend Router Security Issues
> >
> > Well, I tried this on a Pipeline, and the Pipe seemed unaffected. So,
> > noticing that the code does not set a valid UDP checksum, I turned off
> > UDP checksums on the Pipeline and tried it again. Still no effect.
> >
> > So I tried it on a Max 4048. Still no effect.
> >
> > Has anyone been able to use this attack successfully?
> >
> > Have I compiled it wrong?
Well... I compiled the exploit on one of our 533Mhz DEC Alpha
machines running RedHat 5.0 and tested it on one of our new 4048's running
the 6.0.0 (ftik) code and sure as could be it reset the box and
rebooted... I had attached the serial cable and had minicom open to watch
it... fatal-history under Diagnostics show'd a fatal error and gave a
hexidecimal location at the exact time I tested the exploit...
So Yes I've seen it used successfully and it probably was a
compile problem... I just used 'gcc -g -Wall -o ascend ascend.c' to
compile it which produced to warnings but no errors...
Sincerely,
Jeremy T. Bouse
System Administrator
SouthNet TeleComm Services, Inc.
800-787-3221
770-437-1167
770-501-3615 (pager)
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: