|
Title
|
Nortel Wireless LAN Access Point 2200 administrative Telnet Service Denial of Service
|
|
ID
|
SYBSEC-ADV02
|
|
Severity
|
MEDIUM - Denial of Service
|
|
History
|
01.MAR.2002 Vulnerability discovered
05.MAR.2002 Vendor contacted
|
|
Scope
|
Application Denial of Service
|
|
Platforms
|
Nortel Wireless LAN Access Point
|
|
Author
|
|
|
URL
|
http://www.sybsecurity.com/advisors/SYBSEC-ADV02-Nortel_Wireless_LAN_Access_Point_2200_administrative_Telnet_service_Denial_Of_Service
|
|
Release
|
Public
|
|
Overview
|
Nortel Wireless LAN Access Point 2200 series are vulnerable to a denial of service attack.
|
|
Affected versions
|
The vulnerability has been reported in versions Lan Access Point
Nortel Networks WLAN Access Point 2225
Nortel Networks WLAN Access Point 2221
Nortel Networks WLAN Access Point 2220
|
|
Description
|
By sending a specially-crafted request to the administrative Telnet service listening on port 23,
a remote attacker can cause the service to crash, which would cause the device to stop processing new requests from legitimate users.
|
|
Workaround
|
|
|
Acknowledgments
|
|
|
References
|
|
|
Details
|
Nortel Wireless LAN Access Point 2200 series appliances have been reported to be prone to a remote denial of
service vulnerability. The issue is reported to present itself when a large network request is handled by one of
the Wireless LAN Access Point default administration services. This will reportedly cause the Access Point Appliance
Operating service to crash, effectively denying service to legitimate users.
|
|
Exploit tool
|
|
Buscar
