SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Router/Bridge/Hub)  >  SURFboard Vendors:  Motorola
Motorola SURFboard Cable Modem Can Be Crashed By Remote Users Conducting Port Scans
SecurityTracker Alert ID:  1005519
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 3 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): SB4200; firmware version SB4200-0.4.4.0-SCM06-NOSH
Description:  A denial of service vulnerability was reported in Motorola's SURFboard SB4200 cable modem. A remote user can cause the device to crash.

It is reported that the default installation used by AT&T Broadband Internet allows a remote user to crash the device. A remote user can conduct a port scan of the modem's IP address to cause the modem to crash. A demonstration expoit is provided:

nmap -sS -p 1-1024 [ip address]

A remote user on the internal LAN can also conduct a port scan against the modem's internal IP address to cause the device to crash.

A hard restart is required to return to normal operations.

Version SB4200-0.4.4.0-SCM06-NOSH is affected. Other versions may also be affected.

Other users report that version SB4220-0.6.3.0-SCM-01-NOSH and SB4100 model version SB4100E-4.1.4-SCM9-NOSHELL is not vulnerable.
Impact:  A remote user can cause the device to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.gi.com/noflash/sb4200.html (Links to External Site)
Cause:  Exception handling error
Reported By:  Ryan Sweat <rsweat@attbi.com>
Message History:   None.

 Source Message Contents
Date:  30 Oct 2002 14:02:27 -0600
From:  Ryan Sweat <rsweat@attbi.com>
Subject:  Motorola Cable Modem DOS

 

I've found it trivial to crash the Motorola Surfboard 4200 Cable modem,
as installed default by AT&T Broadband Internet.

The modem acts as a bridge, but also has an internal RFC1918 IP address
(192.168.100.1).  Simply  nmap'ing the cable user's IP address, ie:
# nmap -sS -p 1-1024 12.x.x.x
will cause it to crash, rendering the ethernet interface useless.  It is
also possible to crash it from the lan by simply doing the same scan
against the cable modem's internal IP address.  The crash is not
specific to nmap, there are other publicly available tools which cause
the same result.  This is known to be effective on Software Version:
SB4200-0.4.4.0-SCM06-NOSH. (possibly others?)

The only way to restore network connectivity is to physically unplug the
cable modem for a few seconds, then restore power.  A better solution
would be to buy your own cable modem, and not rent this useless junk
from AT&T.

Attempts to notify AT&T about this issue resulted in them wanting to
send a technician to my house to check my wiring.  Don't even get me
started on their tech support...

Ryan


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC