Hello and welcome to the Monday, October 28, 2004 edition of the Sands and its Storms

Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

In diaries today, just a quick reminder that older Evanti-Wanabiliies are still being exploited quite aggressively, had two today

that sort of raised some alarms, and both of them were which he discussed back in January

and also exploited back then.

And it's of a combination of, first of all, an authentication bypass vulnerability.

And that's a pretty straightforward directory traversal issue. And then secondly, of course,

how it's being exploited, where the one scan that we are seeing here is not really the exploit itself then,

but check if a specific backdoor, a web shell

is being installed that has been seen in some of these earlier exploit attempts back in January.

The web shell here is a little bit tricky to detect in the sense that it's not sort of additional files being added to the system, but files that exist on the system being modified.

And SSD Secure Disclosure published blog post with details regarding vulnerability affecting at least one Wi-Fi access point vendor.

This particular access point is made by Arcadian.

However, the vulnerability is sort of interesting in that it's not in software.

It's actually sort of required by this particular vendor by this access point,

but the vulnerable software here is produced by the Wi-Fi Alliance.

Wi-Fi Alliance is an industry organization that verifies if appliances like this comply with

the respective Wi-Fi standards, and in order to facilitate

this, they actually developed a test suite. The problem here is that Arcadian apparently

still left this test suite enabled on its production routers that were sold to the public,

but it's very possible that other vendors did the same thing.

If this test suite is enabled,

...