3Com SuperStack Remote Access System 1500 Discloses Configuration Information to and Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1006370 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 24 2003
|
Impact: Denial of service via network, Disclosure of system information
|
Exploit Included: Yes
|
Version(s): 3Com SuperStack Remote Access System 1500; Firmware X2.0.10
|
Description: Two vulnerabilities were reported in the 3Com SuperStack Remote Access System 1500. A remote user can cause the device to crash and reboot. A remote user can also retrieve configuration information from the device.
iSEC reported that a remote user can send a specially crafted packet with the IP option length field set to zero to cause the target
router to crash and reboot. All switched connections on the PRI-ISDN interface will be dropped, according to the report. A demonstration
exploit is provided in the iSEC advisory, available at:
http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt
It is also reported
that a remote user can access the web interface to view various system and configuration information. The device reportedly requires
authentication for only some of the files on the router.
A demonstration exploit command to retrieve the user_settings.cfg configuration
file is provided:
GET /user_settings.cfg HTTP/1.0
|
Impact: A remote user can crash the device, causing connections to be dropped before the device automatically reboots.
A remote user can obtain various configuration information from the server.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.3com/ras1500 (Links to External Site)
|
Cause: Access control error, Exception handling error
|
Reported By: Piotr Chytla <pch@isec.pl>
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
