Affected systems are the Alcatel Speed Touch Home ADSL modem and the Alcatel 1000 ADSL Network Termination Device, researchers at the San Diego Supercomputer Center (SDSC), a unit of the University of California at San Diego, said in a security advisory Tuesday. The Computer Emergency Response Team (CERT) at Carnegie Mellon University also sent out an alert.
Researchers associated with the San Diego Supercomputer Center at the University of California, San Diego have identified multiple implementation flaws in the Alcatel Speed Touch ADSL modem (actually an ADSL-Ethernet router/bridge). These flaws can allow an intruder to take complete control of the device, including changing its configuration, uploading new firmware, and disrupting the communications between the telephone central office providing ADSL service and the device. These flaws allow the following malicious actions:
There are other USB modems on the market that use an Alcatel chipset, such as the Efficient Networks 4060. Do not expect either of these drivers to work with other modems. They won't. You should get a compatible ethernet modem in such situations. There are other USB modems with Linux drivers also. Se "swami jyotirmayananda
The major vulnerability referred to in the advisory (VU#211736 - Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks), does not apply to mainstream Operating Systems used by residential and small business subscribers (e.g. Windows 95, 98, 98se, ME, and typical installations of NT4.0 Workstation, 2000 Professional and the latest commercial releases of Linux).
