Sign-up

ID

VAR-200112-0223


CVE

CVE-2001-1484


TITLE

Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks

Trust: 0.8

sources: CERT/CC: VU#211736

DESCRIPTION

Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices.The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. Alcatel ADSL modems are vulnerable. The vulnerability allows unauthenticated access to TFTP

Trust: 3.69

sources: NVD: CVE-2001-1484 // CERT/CC: VU#211736 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 89747 // BID: 2636 // VULHUB: VHN-4288

AFFECTED PRODUCTS

vendor:alcatelmodel:speed touch adsl modemscope:eqversion:home

Trust: 1.6

vendor:alcatelmodel:adsl modem 1000scope:eqversion:*

Trust: 1.0

vendor:alcatelmodel: - scope: - version: -

Trust: 0.8

vendor:lotusmodel: - scope: - version: -

Trust: 0.8

vendor:ritmodel: - scope: - version: -

Trust: 0.8

vendor:alcatelmodel:adsl modem 1000scope: - version: -

Trust: 0.6

vendor:alcatelmodel:speed touch adsl modem homescope: - version: -

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.101

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.51

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.49

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.48

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.47

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.46

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.45

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.44

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.43

Trust: 0.3

vendor:ritmodel:research labs the bat! fscope:eqversion:1.42

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.42

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.41

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.39

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.36

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.35

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.34

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.33

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.32

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.31

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.22

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.21

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.19

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.18

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.17

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.15

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.14

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.5

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.1

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.043

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.041

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.039

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.036

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.035

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.032

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.031

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.029

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.028

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.015

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:eqversion:1.011

Trust: 0.3

vendor:ritmodel:research labs the bat!scope:neversion:1.52

Trust: 0.3

sources: CERT/CC: VU#211736 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 89747 // BID: 2636 // CNNVD: CNNVD-200112-195 // NVD: CVE-2001-1484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1484
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#211736
value: 27.56

Trust: 0.8

CARNEGIE MELLON: VU#555464
value: 4.25

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

CNNVD: CNNVD-200112-195
value: HIGH

Trust: 0.6

VULHUB: VHN-4288
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1484
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4288
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#211736 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-4288 // CNNVD: CNNVD-200112-195 // NVD: CVE-2001-1484

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1484

THREAT TYPE

network

Trust: 0.6

sources: BID: 89747 // BID: 2636

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 89747 // BID: 2636

EXTERNAL IDS

db:CERT/CCid:VU#211736

Trust: 2.8

db:NVDid:CVE-2001-1484

Trust: 2.0

db:BIDid:2636

Trust: 1.1

db:XFid:6336

Trust: 0.9

db:BIDid:2599

Trust: 0.8

db:XFid:6350

Trust: 0.8

db:CERT/CCid:VU#555464

Trust: 0.8

db:XFid:6423

Trust: 0.8

db:CERT/CCid:VU#310816

Trust: 0.8

db:CNNVDid:CNNVD-200112-195

Trust: 0.7

db:CERT/CCid:CA-2001-08

Trust: 0.6

db:BIDid:89747

Trust: 0.4

db:VULHUBid:VHN-4288

Trust: 0.1

sources: CERT/CC: VU#211736 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-4288 // BID: 89747 // BID: 2636 // CNNVD: CNNVD-200112-195 // NVD: CVE-2001-1484

REFERENCES

url:http://www.cert.org/advisories/ca-2001-08.html

Trust: 2.0

url:http://www.kb.cert.org/vuls/id/211736

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6336

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/6336

Trust: 0.9

url:http://security.sdsc.edu/self-help/alcatel/

Trust: 0.8

url:http://www.alcatel.com/consumer/dsl/security.htm

Trust: 0.8

url:http://www.securityfocus.com/bid/2599

Trust: 0.8

url:http://www.securityfocus.com/advisories/3208

Trust: 0.8

url:http://xforce.iss.net/static/6350.php

Trust: 0.8

url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument

Trust: 0.8

url:http://www.securityfocus.com/bid/2636

Trust: 0.8

url:http://www.ritlabs.com/the_bat/index.html

Trust: 0.8

url:http://www.security.nnov.ru/search/news.asp?binid=1136

Trust: 0.8

url:http://xforce.iss.net/static/6423.php

Trust: 0.8

url:http://www.thebat.net

Trust: 0.3

sources: CERT/CC: VU#211736 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-4288 // BID: 89747 // BID: 2636 // CNNVD: CNNVD-200112-195 // NVD: CVE-2001-1484

CREDITS

Unknown

Trust: 0.3

sources: BID: 89747

SOURCES

db:CERT/CCid:VU#211736
db:CERT/CCid:VU#555464
db:CERT/CCid:VU#310816
db:VULHUBid:VHN-4288
db:BIDid:89747
db:BIDid:2636
db:CNNVDid:CNNVD-200112-195
db:NVDid:CVE-2001-1484

LAST UPDATE DATE

2026-04-18T20:18:52.344000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#211736date:2001-04-11T00:00:00
db:CERT/CCid:VU#555464date:2001-07-17T00:00:00
db:CERT/CCid:VU#310816date:2001-08-30T00:00:00
db:VULHUBid:VHN-4288date:2017-07-11T00:00:00
db:BIDid:89747date:2001-12-31T00:00:00
db:BIDid:2636date:2001-04-18T00:00:00
db:CNNVDid:CNNVD-200112-195date:2005-10-20T00:00:00
db:NVDid:CVE-2001-1484date:2026-04-16T00:27:16.627

SOURCES RELEASE DATE

db:CERT/CCid:VU#211736date:2001-04-10T00:00:00
db:CERT/CCid:VU#555464date:2001-07-12T00:00:00
db:CERT/CCid:VU#310816date:2001-06-01T00:00:00
db:VULHUBid:VHN-4288date:2001-12-31T00:00:00
db:BIDid:89747date:2001-12-31T00:00:00
db:BIDid:2636date:2001-04-18T00:00:00
db:CNNVDid:CNNVD-200112-195date:2001-12-31T00:00:00
db:NVDid:CVE-2001-1484date:2001-12-31T05:00:00