search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)

Vulnerability Note VU#840249

Original Release Date: 2010-08-02 | Last Revised: 2014-06-02

Overview

The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password.

Description

An attacker with a known username and access to a service (telnet, rlogin or FTP) that uses the standard authentication API (loginDefaultEncrypt (), part of loginLib) can brute force the password in a relatively short period of time. Since the hashing algorithm is susceptible to collisions, the actual password does not have to be found, just a string that produces the same hash.

For instance, when the default 'target/password' login example is used, 'y{{{{{kS' hashes to the same string as 'password'. It is thus possible to login using both 'password' and 'y{{{{{kS' as the passwords for the user 'target'.

Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog.

Impact

An attacker can brute force a correct password by guessing a string that produces the same hash and access the relevant service as the known user.

Solution

Vendors which use VxWorks in their products should not use the default hashing algorithm in standard authentication API (loginDefaultEncrypt()). A trusted authentication API should be used instead. It can be installed by means of the loginEncryptInstall() loginLib hook.
In addition, and so as to avoid registration of the default 'target'/'password' credentials at init time, the LOGIN_USER_NAME and LOGIN_USER_PASSWORD project parameters/#defines should be set to empty strings (so that no user is registered using the default encryption routine). Only after the new encryption routine is registered should new users be added to the system.

loginEncryptInstall allows the user to install a custom encryption routine. The custom routine <rtn> must be of the following form:

STATUS encryptRoutine
       (
       char *password,               /* string to encrypt    */
       char *encryptedPassword       /* resulting encryption */
       )

The <encryptedPassword> string length should be no more than :
+ VxWorks 6.4 and below: 80 characters
+ VxWorks 6.5 and above: 128 characters

When a custom encryption routine is installed, a host version of this routine must be written to replace the tool vxencrypt in host/<hostOs>/bin.

Appendix #1 shows example code making use of loginEncryptInstall() to set a custom encryption routine. Depending on the VxWorks version used, either SHA-512 or SHA-256 are used.

DISCLAIMER: The following example code was provided by Wind River Systems. It is for demonstration purposes only and should not be used as is.

APPENDIX #1
/* Sample loginEncryptInstallCode() */

/* includes */

#include <vxWorks.h>
#include <errnoLib.h>/* for errnoGet API */
#include <fcntl.h>/* for open API */
#include <stdio.h>/* for sprintf API */
#include <string.h>/* for string handling */
#include <unistd.h>/* for close API */
#include <loginLib.h>   /* library under test */
#include <sysSymTbl.h>/* for sySymTbl variable */

/* globals */

/*
 * SHA-512 and SHA-256 digests corresponding to the 'vincent' string.
 * VxWorks 6.4 and below use SHA-256 because of the 80 chars
 * loginEncryptInstall() digest limit, while post 6.5 versions use SHA-512.
 */

#if ((_WRS_VXWORKS_MAJOR == 6) && (_WRS_VXWORKS_MINOR > 4))
char * cryptSha = "38256fbe4e80d9ffd355409f36238ae18e62c668208c259e60"
 "ca323ab47cf55b8656e88e56593d531b250aae2c35376b387d"
 "83ade5e3e8b6c042133b97030fa4";
char * shaIdent = "SHA-512";
#else
char * cryptSha = "65c3f75641b22925c737ca657b126cd68c39e423349d43031c"
 "f9a3b9a18cee1f";
char * shaIdent = "SHA-256";
#endif

/* locals */

LOCAL STATUS fixed_sha (char* password, char* encryptedpassword);

/*******************************************************************************
*
* loginEncryptInstallExample - register and use a custom encryption routine
*
* RETURNS: N/A
*/

STATUS loginEncryptInstallExample (void)
    {
    char* name = "vincent";
    char* passwd = "vincent";
    STATUS status = ERROR;

    /* Register our new encryption routine */

    loginEncryptInstall (fixed_sha, 0);
    printf ("Registered %s encryption routine.\", shaIdent);

    /* Add a new user using this encryption routine */

    if (loginUserAdd (name, cryptSha) != OK)
        {
printf ("Unable to add new user to system using %s encryption"
"routine [errno = %#x].\", shaIdent, errnoGet ());

        return ERROR;
        }
    else
        {
/* Launch the verification process */

if (loginUserVerify (name, passwd) != OK)
   {
   printf ("Successfully registered and added a new user "
   "with custom encryption routine but password "
   "check failed [errno = %#x].\", errnoGet ());

   goto cleanup;
   }
else
   {
   printf ("Successfully used custom encryption routine "
   "(routine registration, user creation and "
   "verification).\");
   }
}

    status = OK;

cleanup:

    /* Remove user and module; unregister routine */

    if (loginUserDelete (name, passwd) != OK)
{
printf ("There was a problem while trying to delete the "
"newly added user during cleanup [errno = " "%#x].\",
errnoGet ());
status = ERROR;
}

    loginEncryptInstall ((FUNCPTR) loginDefaultEncrypt, 0);
    return status;
    }

/******************************************************************************
* fixed_sha - returns a fixed SHA digest
*
* RETURNS: Always OK
*/

LOCAL STATUS fixed_sha
    (
    char* password,
    char* encryptedpassword
    )
    {
    /*
     * IMPORTANT : This test routine should be replaced by a real SHA
     * generator. Because of the fixed digest, the current version does not
     * perform actual user validation (i.e all passwords are accepted for user
     * 'vincent').
     */

    strcpy (encryptedpassword, cryptSha);
    return OK;
    }

Restrict access

Appropriate firewall rules should be implemented to restrict access to any services that use the standard authentication API.

Disable services
Services such as FTP or telnet should be disabled if not needed.

Monitor access
IDS signatures should be implemented to detect brute force attacks to services that use the standard authentication API.

Vendor Information

840249
Expand all

Ericsson

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Polycom

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc.

Notified:  June 03, 2010 Updated:  August 02, 2010

Status

  Affected

Vendor Statement

Wind River has analyzed VU#840249, and determined that all versions of VxWorks that use the default hash algorithm (loginDefaultEncrypt) in loginLib can be vulnerable. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow one of the remediation actions outlined in the SOLUTION section of the vulnerability post. When released, VxWorks 6.9 will further strengthen the default hash algorithm.

Registered users can access Wind River's online support for more information by following the link below. Registered users will also find patches to remove the 80 characters limitation for encrypted password string length on VxWorks versions 5.5.1 through 6.4.
https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709

Or contact Wind River technical support for more information:
http://windriver.com/support/

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Canon

Notified:  June 29, 2010 Updated:  August 09, 2010

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC Corporation

Notified:  June 14, 2010 Updated:  August 04, 2010

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ricoh Company Ltd.

Notified:  June 29, 2010 Updated:  August 06, 2010

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Rockwell Automation

Notified:  July 07, 2010 Updated:  August 02, 2010

Statement Date:   July 15, 2010

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Rockwell Automation has indicated that they are not affected by this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Siemens

Notified:  June 29, 2010 Updated:  April 29, 2011

Status

  Not Affected

Vendor Statement

Security Advisory Report - OBSO-1007-01

Wind River VxWorks: weak default hashing algorithm in standard authentication API (loginLib)

Creation Date: 2010-07-22
Last Update: 2010-07-22

Summary
Wind River has published a security advisory, which states, that the default hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password.

Vulnerability Details
An attacker with a known username and access to a service (telnet, rlogin or FTP) that uses the standard authentication API (loginDefaultEncrypt (), part of loginLib) can brute force the password in a relatively short period of time. Since the hashing algorithm is susceptible to collisions, the actual password does not have to be found, just a string that produces the same hash. For instance, when the default 'target/password' login example is used, 'y{{{{{kS' hashes to the same string as 'password'. It is thus possible to login using both 'password' and 'y{{{{{kS' as the passwords for the user 'target'.

Impact:
Because an attacker can brute force a correct password by guessing a string that produces the same hash and access the relevant service as a known user. Applications such as rlogin, telnet, and FTP rely on loginLib for security, and can be used to gain access to the device.

Affected Products
No products from Siemens Enterprise Communications are affected.

The following products include VxWorks as operating system, but none of them make use of the standard login library:

    • HiPath 4000
    • HiPath 3000 (HG 1500)
    • HiPath Wireless Convergence
    • optiPoint 410/420 HFA/SIP
    • RG 8700

Recommended Actions
None.

References

Vendor Information

The above information was provided by the vendor.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

amx

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3com Inc

Notified:  June 14, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ARRIS

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Actelis Networks

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel-Lucent

Notified:  June 14, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Allied Telesis

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alvarion

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Aperto Networks

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avaya, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Broadcom

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Brocade

Notified:  August 03, 2010 Updated:  August 03, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Carrier Access

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ceragon Networks Inc

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Dell Computer Corporation, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Digicom

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

DrayTek Corporation

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Enablence

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Enterasys Networks

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Epson America, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fluke Networks

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gilat Network Systems

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Guangzhou Gaoke Communications

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Huawei Technologies

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IWATSU Voice Networks

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel Corporation

Notified:  August 03, 2010 Updated:  August 03, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Keda Communications

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Knovative Inc

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lenovo

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lutron Electronics

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Maipu Communication Technology

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mitel Networks, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Motorola, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Netgear, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks, Inc.

Notified:  July 14, 2010 Updated:  July 14, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Proxim, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SMC Networks, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Samsung

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Shoretel Communications, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TRENDnet

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Tut Systems, Inc.

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Xerox

Notified:  June 29, 2010 Updated:  August 04, 2010

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 9.5 E:H/RL:W/RC:C
Environmental 9.5 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to HD Moore for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2010-2967
Severity Metric: 23.63
Date Public: 2010-08-02
Date First Published: 2010-08-02
Date Last Updated: 2014-06-02 20:31 UTC
Document Revision: 60

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.