Secure Networks Inc Uncovers Vulnerabilities in Ascend Routers
PR Newswire - March 16, 1998 13:57
ASND %CPR V%PRN P%PRN
Jump to first matched term
CALGARY, March 16 /CNW-PRN/ - Secure Networks Inc. announced today the
discovery of security vulnerabilities in router and access-server hardware
provided by Ascend Communications, Inc (NASDAQ; ASND). The problems
discovered allow attackers to crash Ascend Pipeline and MAX routers, cutting
off network connectivity at sites that rely on them. Additionally, the default
configuration, attackers can completely reconfigure vulnerable routers.
Secure Networks Inc., a security research and development company, is
releasing this new information to inform the community of the risks involved
in running vulnerable routers, and to explain how these problems can be
addressed by network operators. ''Organizations that rely on Ascend equipment
need to know about these problems,'' said Thomas Ptacek, author of the new
report. ''Attackers can abuse vulnerable Ascend routers to compromise entire
enterprise networks.''
The recently released technical report outlines two security issues with
Ascend routers. One of them exploits a proprietary Ascend configuration
protocol to cause the router to lock up; the other uses the router's SNMP
management capability to download and view the full router configuration,
which includes the passwords to the machine. These problems have been
confirmed on Ascend's Pipeline and MAX platforms.
''Given that routers are such an integral part of network
infrastructures, vulnerabilities such as this pose a tremendous threat'',
commented Alfred Huger, project manager at Secure Networks. ''We feel that it
is tremendously important that end users of these products, be properly
appraised of just how secure these products are''.
Ascend Communications has been notified of these problems, and is
believed to be addressing them in a new version of the router's software. In
the interim, Secure Networks, Inc. has provided information explaining how
network operators can defend against these problems by reconfiguring the
vulnerable router.
A detailed security advisory has been made available at:
''http://www.secnet.com/advisoriers/sni-26.ascend.advisory.html/''
ABOUT SECURE NETWORKS INC
Secure Networks Inc. is a Canadian security research and development
organization. Secure Networks Inc. serves the Internet security community by
conducting in-depth research into the security of software systems deployed on
the Internet; the result of this research has been the discovery of many of
the Internet's most infamous security problems. For more information about
Secure Networks Inc., consult their web page at secnet.com.
SOURCE: Secure Networks Inc. |
