[ http://www.rootshell.com/ ]
Date:         Mon, 2 Nov 1998 11:24:30 -0600
From:         Tim Yocum 
Subject:      APC PowerNet SNMP vulnerability
Several days ago after installing an APC PowerNet SNMP module (v3.0.0,
firmware revision 82.9.D MWD) into a SmartUPS 2200 series UPS, I decided to
try out a few of the well-known DoS attacks on it after getting the module
up on the network. The results didn't surprise me too much - the module will
reboot after being hit with nestea/teardrop, and probably others. I
contacted APC about the problem last week and received two replies:
"This device was not meant to withstand malicious attacks.  That is why it
should be protected behind a firewall along with other network devices."and
"There is no fix scheduled for this.  The device is more secure when used on
a secured network protected by a firewall."
I'm somewhat disturbed by response from APC as it'd be quite simple for
someone to interrupt SNMP data gathering from these devices since it takes
the module anywhere from 20 seconds to a full 3 minutes to reboot.
Workarounds are obvious; either put the SNMP module on a non-routable IP
block or put it behind a firewall.
Maybe APC will fix this problem, but at this point I wouldn't keep my hopesup.
Regards,- Tim--------------------------------------------------------
Tim Yocum               -       NT Systems Administrator
Verio, Inc.             -       http://chicago.verio.net
----------------------------------------------------------------------------
Date:         Wed, 25 Nov 1998 09:51:53 +0000
From:         Paul Mansfield 
Subject:      APC PowerNet SNMP Adapter Security Issues - Beta Firmware
              Available (fwd)
I asked APCC about the vulnerabilities in their software having read about them
in this and other forums (fora?), and initially received a reply saying they
were working on it, and they took the problem seriously.
Today I received a report that new software was available in beta. Those of you
who are exposed to the DoS-ability of your UPS units might want to see if you
can get hold of this beta.Reply quoted below, stripped of personal information.
Paul
/* My parachute came with a "lifetime" warranty. Why am I'm not reassured ? */
---------- Forwarded message ----------Date: Tue, 24 Nov 1998 17:50:05 -0500
Subject: APC PowerNet SNMP Adapter Security Issues - Beta Firmware  Available
Paul,The protocol stack fixes for the SNMP Adapter are complete.  We are Beta
testing the new firmware changes during the next several weeks. The SNMP
Adapter v3.0.2.b can now successfully survive the following attacks:
Ping of Death, Nestea, Bonk, Jolt, Land, Newtear, Syndrop, Teardrop,Winnuke
I would like you to help ensure that we have resolved the vulnerabilities that
you have described in your previous e-mails by beta testing the new firmware.
If you are interested in helping us verify the new firmware, please let meknow.
Regards,-snip -American Power Conversion1-800-788-2208-snip --snip -

    Source: geocities.com/dharan6/library/hack

               ( geocities.com/dharan6/library)                   ( geocities.com/dharan6)