Info

Disclosure

Sep 13, 2004

Discovery

Unknown

Dates

Exploit

Sep 13, 2004

Solution

Unknown

Description

Some ZyXEL Prestige devices contains a flaw that may lead to an unauthorized information disclosure. ARP requests emitted by device could contain random parts of the memory (especially parts of recent telnet sessions) , which will disclose sensitive information to an attacker able to sniff the local network resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

ZyXEL Communications Corporation	ZyNOS	Vt020225a
ZyXEL Communications Corporation	Prestige 681	Unknown or Unspecified

References

Security Tracker: 1008999
Bugtraq ID: 11167
ISS X-Force ID: 17372
CVE ID: 2004-1684 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0127.html
http://whitestar.linuxbox.org/pipermail/exploits/2007-March/000165.html
Vendor URL: http://www.zyxel.com/

Credit

Przemyslaw Frasunek - venglinfreebsd.lublin.pl - Przemyslaw Frasunek

Direct URL: http://osvdb.org/9962

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

ZyXEL Communications Corporation

ZyNOS

Prestige 681

References

Credit