Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

vpn-root.txt

🗓️ 31 Aug 2000 00:00:00Reported by LokiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 37 Views

RapidStream VPN has a critical SSH vulnerability allowing remote root access.

Code
` Date: 8-14-00  
Time: 12:40p PST  
  
*/ You have been infected by the Bubonic Loki /*  
  
  
OVERVIEW  
---------  
  
RapidStream has hard-coded the 'rsadmin' account into the sshd  
binary in the appliance OS. The account has been given a 'null' password   
in which password assignment and authentication was expected to be  
handled by the RapidStream software itself. The vendor failed to realize that  
arbitrary commands could be appended to the ssh string when connecting to  
the SSH server on the remote vpn. This in effect could lead to many things,   
including the ability to spawn a remote root shell on the vpn.  
  
e.g. [root@attacker]# ssh -l rsadmin <ip of vpn> "/bin/sh -i;"  
e.g. [root@attacker]# ssh -l rsadmin <ip of vpn> "vi /etc/shadow"  
  
  
SYSTEMS AFFECTED  
I have not yet tested this with other VPN appliances that have  
installed SSH as their choice for remote access.  
  
1. RapidStream 8000 Family  
2. RapidStream 6000 Family  
3. RapidStream 4000 Family  
4. RapidStream 2000 Family  
  
  
IMPACT  
------  
  
1. Attacker can use VPN to ftp, and even install and run packet  
sniffers on the VPN which will allow him to sniff all traffic coming in and out  
of the VPN. Due to the fact that the administrator is not aware of the  
ability to spawn root shells, the intruder can go completely undetected.  
  
2. Immediate remote root access to VPN  
  
3. Can download /etc/shadow file to crack accounts including  
root. This will give the attacker the default password for all root accounts for all  
deployed RapidStream products.  
  
SOLUTION  
---------  
  
RapidStream has been contacted and is working on a new revision  
in which SSHD comes uninstalled. For those that do not wish to wait can put the  
VPN appliance behind a firewall where port 22 has been closed. An alternative  
is to use the vulnerability to ssh into the vpn and turn off SSHD yourself.  
  
SHOUTS  
#RootHat, Lamagra, Safety, BillyBobCat Pennington, Faisal, Mega,  
Lockdown, King  
Art"hur" and all the gang! "TIMMMY!, LIVIN A LIE!"  
Also mad shouts out to muh fiance! "Mahal Kita!"  
  
"Shouts to the fellow herd of the evil cow people, cow go moo!"  
moo?  
  
  
----------------------------------------------------------------------  
Loki [LoA]  
[email protected]  
----------------------------------------------------------------------  
PGP Key fingerprint = 67 1D 12 BE 61 D6 63 B2 6A 8C F8 A1 80 88 1B 4  
----------------------------------------------------------------------`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Aug 2000 00:00Current
7.4High risk
Vulners AI Score7.4
bubonic lokirapidstream ssh vulnerabilityremote root accessvpn security riskimpacted systems.
37