BinTec X4000 Access Router DoS Vulnerability

2001-04-05T00:00:00
ID SECURITYVULNS:DOC:1469
Type securityvulns
Reporter Securityvulns
Modified 2001-04-05T00:00:00

Description

BinTec X4000 locks up after nmap -sS portscan

The BinTec X4000 is a mid-sized multi-purpose, multi-protocol router meant to fit the needs of small to medium companies. Unfortunately, it has a bit of a problem.

A simple nmap SYN scan (nmap -sS) will cause the machine to lock up completely. It can neither be accessed through LAN nor through a serial connection or the built in, LCD-display-based MMI (man-machine-interface). The only way of getting it back to life is to pull the plug and put it back in.

I have contacted BinTec on the 12th of March, informing them of the problem. One day later I received an answer in which they told me they were going to try and verify the phenomenon with a test setup. Despite offering them further information and assistance, I was yet to hear anything from them.

After a subsequent ultra-necessary 14-day-holiday, I originally expected the arrival of a message containig results. There was nothing, niente, nada.

So I phoned them up again, just to hear they've verified the problem and handed it to their development staff. Asking why they didn't tell me about this fact they replied the development staff never contacts the customers directly. Also, in these cases the support staff contacts the distribution partners and they contact their very own customers. So I phoned my dealer and he phoned hist distributor, none of which was informed, despite having submitted own requests for info after I told them of the vulnerability.

I have not heard anything from them ever since. I consider the fact that they have a problem with their products which even they decribe as 'escalating' and were not able to clarify it within more than 20 days somewhat disturbing. What bothers me even more is the kind of information policy. I thought we were behind the security-through-obscurity phase.

As far as I know, every firmware version has the vulnerability, though I've only verified this with 5.1.6 Patch 10 of the bootimage and logicware 1.05. I've used nmap 2.53.

Ah, and before I forget it: BinTec has introduced a 4-week-money-back warranty for the X4000 from April 1st onwards. Hardly a coincidence.

Bye, Jan

Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muenther@radio.hundert6.de