Vulnerability: Foundry

Affected: Foundry v07.1.09

Description:

Aaron found the following. In the release notes for Foundry code v07.1.09, we can notice the statement:

"If you entered a very long string when prompted for a Telnet password, then pressed Enter before the software timed out the access attempt, the device reset."

This behaves exactly as described on FastIrons, BigIrons, and ServerIrons running various versions of firmware. If you can get to a login prompt, you can reload the device.

Please note that the above is incorrect. Foundry's release notes ver. 7.1.09, which are the release notes for the FastIron II family (FastIron II and FastIron IIPlus) and the BigIron family (BigIron 4000 and 8000), stated that this problem is "FIXED" in 7.1.09 and NOT a bug. For the ServerIron family, release 7.1.06 fixes this problem.

Solution:

This does not appear to affect ssh logins, which recent versions of the Foundry firmware support. If you have any Foundry gear with externally visible IPs, make sure you disable telnet or upgrade your firmware to the latest version. This is particularly true if you use their load-balancer product, the ServerIron, which also supposedly functions to keep your site highly available.
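An added example, not part of the original advisory and not Foundry tooling: a small inventory check that applies the fixed releases named above (7.1.09 for the FastIron II and BigIron families, 7.1.06 for ServerIron) together with the Telnet mitigation. The inventory rows, device names and status labels are constructed, and the check assumes release numbers order numerically within a family.

```python
import re

# Fixed releases as stated in the advisory text.
FIXED_IN = {
    "FastIron II": (7, 1, 9),
    "BigIron": (7, 1, 9),
    "ServerIron": (7, 1, 6),
}


def parse_release(text):
    """Parse '7.1.09' or 'v07.1.09' into (7, 1, 9); None if not a plain triple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip(), re.IGNORECASE)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(family, firmware, telnet_enabled):
    """Return 'ok', 'mitigated', 'exposed' or 'review' for one device."""
    fixed = FIXED_IN.get(family)
    release = parse_release(firmware)
    if fixed is None or release is None:
        return "review"      # unknown family or unparseable release string
    if release >= fixed:
        return "ok"          # at or past the release the advisory names
    # Older firmware: the advisory's workaround is to disable Telnet.
    return "exposed" if telnet_enabled else "mitigated"


# Constructed inventory: (name, family, firmware, telnet enabled). Not real devices.
INVENTORY = [
    ("lb-1", "ServerIron", "07.1.05", True),
    ("lb-2", "ServerIron", "7.1.06", True),
    ("core-1", "BigIron", "v07.1.08", False),
    ("core-2", "BigIron", "07.1.10", True),    # numeric compare: 10 > 9
    ("acc-1", "FastIron II", "7.1.9b", True),  # suffix not understood
]


def audit(inventory=INVENTORY):
    """Map each device name to its assessment."""
    return {name: assess(fam, fw, tel) for name, fam, fw, tel in inventory}


if __name__ == "__main__":
    for name, status in audit().items():
        print(f"{name:8} {status}")
```

Comparing parsed integer tuples rather than raw strings matters here because the same release appears both as "v07.1.09" and "7.1.09"; anything that is not a plain numeric triple is sent to manual review rather than guessed.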