3Com SuperStack Remote Access System 1500 Discloses Configuration Information to and Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1006370 |
|
SecurityTracker URL: http://securitytracker.com/id/1006370
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 24 2003
|
Impact:
Denial of service via network, Disclosure of system information
|
Exploit Included: Yes
|
Version(s): 3Com SuperStack Remote Access System 1500; Firmware X2.0.10
|
Description:
Two vulnerabilities were reported in the 3Com SuperStack Remote Access System 1500. A remote user can cause the device to crash and reboot. A remote user can also retrieve configuration information from the device.
iSEC reported that a remote user can send a specially crafted packet with the IP option length field set to zero to cause the target router to crash and reboot. All switched connections on the PRI-ISDN interface will be dropped, according to the report. A demonstration exploit is provided in the iSEC advisory, available at:
http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt
It is also reported that a remote user can access the web interface to view various system and configuration information. The device reportedly requires authentication for only some of the files on the router.
A demonstration exploit command to retrieve the user_settings.cfg configuration file is provided:
GET /user_settings.cfg HTTP/1.0
|
Impact:
A remote user can crash the device, causing connections to be dropped before the device automatically reboots.
A remote user can obtain various configuration information from the server.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.3com/ras1500 (Links to External Site)
|
Cause:
Access control error, Exception handling error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
