COMMAND

    FlowPoint DSL router

SYSTEMS AFFECTED

    FlowPoint DSL router 3.0.2...3.0.7

PROBLEM

    The following URL contains information about a firmware upgrade
    for FlowPoint DSL routers that fixes a possible "security
    compromise". FlowPoint has chosen not to release ANY information
    whatsoever about the vulnerability itself:

        http://www.flowpoint.com/support/techbulletin/sec308.htm

    It involves a bug that allows the password recovery feature to be
    used from the LAN or WAN interfaces instead of only from the serial
    console port. Basically, throwing enough 6-digit numbers at a
    pre-3.0.8 router will eventually grant access to the box, and with
    it the ability to do whatever you want. It appears as if the
    problem started in 3.0.4.

SOLUTION

    You  can  obtain  the  firmware   version  3.0.8  or  later   from
    FlowPoint's FTP site:

        ftp://systemv.com/pub/flopoint/support/upgrade/

    You can turn off SNMP and/or telnet, or allow either only from
    specific hosts; this is explained in the CLI manual. The 6-digit
    serial number is only accepted as a password if the password
    recovery feature is enabled, so even where telnet access is open
    the feature is usually not enabled. Even without the firewall
    feature set (which costs more) you can decide which hosts can
    access telnet or SNMP.