Strange "news" release --
Secure Networks Inc Uncovers Vulnerabilities in Ascend Routers
CALGARY, March 16 /CNW-PRN/ - Secure Networks Inc. announced today the discovery of security vulnerabilities in router and access-server hardware provided by Ascend Communications, Inc (NASDAQ; ASND). The problems discovered allow attackers to crash Ascend Pipeline and MAX routers, cutting off network connectivity at sites that rely on them. Additionally, the default configuration, attackers can completely reconfigure vulnerable routers.
Secure Networks Inc., a security research and development company, is releasing this new information to inform the community of the risks involved in running vulnerable routers, and to explain how these problems can be addressed by network operators. ''Organizations that rely on Ascend equipment need to know about these problems,'' said Thomas Ptacek, author of the new report. ''Attackers can abuse vulnerable Ascend routers to compromise entire enterprise networks.''
The recently released technical report outlines two security issues with Ascend routers. One of them exploits a proprietary Ascend configuration protocol to cause the router to lock up; the other uses the router's SNMP management capability to download and view the full router configuration, which includes the passwords to the machine. These problems have been confirmed on Ascend's Pipeline and MAX platforms.
''Given that routers are such an integral part of network infrastructures, vulnerabilities such as this pose a tremendous threat'', commented Alfred Huger, project manager at Secure Networks. ''We feel that it is tremendously important that end users of these products, be properly appraised of just how secure these products are''.
Ascend Communications has been notified of these problems, and is believed to be addressing them in a new version of the router's software. In the interim, Secure Networks, Inc. has provided information explaining how network operators can defend against these problems by reconfiguring the vulnerable router.
A detailed security advisory has been made available at:
''http://www.secnet.com/advisoriers/sni-26.ascend.advisory.html/''
ABOUT SECURE NETWORKS INC
Secure Networks Inc. is a Canadian security research and development organization. Secure Networks Inc. serves the Internet security community by conducting in-depth research into the security of software systems deployed on the Internet; the result of this research has been the discovery of many of the Internet's most infamous security problems. For more information about Secure Networks Inc., consult their web page at secnet.com.
SOURCE: Secure Networks Inc. |
