Bugtraq mailing list archives

3COM Documentation backdoors in CB3500

From: pribeiro () ISEL PT (Pedro Ribeiro)
Date: Wed, 23 Dec 1998 17:22:27 -0000


This is a "report" i'v sent to 3com some days ago.

While evaluating the 3com layer3 switch Corebuilder 3500 i'v detected while
reading the "CoreBuilder 3500 Implementation Guide V2.0.0, PN:10011376"

that

several examples given in the Packet Filtering Chapter 10 have serious
"security mistakes".

ALL the exemples of packet filtering of IP packets based on UDP/TCP ports
information are wrong, simple because are assumed that the transport header
fallows the basic IP header, witch isn't always true because beetwen the
basic IP header and the transport layer header, a variable amount of IP
options can appear.

We can't simply index to position 24?? of the ethernet frame to get the
transport layer port information, this is only true if there are no options
fallowing the IP header.

Pages that i found given wrong ideas/exemples about this subject: From 198

till 206

Conclusion: Using this packet filtering syntax it isn't possible to filter
packets based in information that appears in variable positions in the MAC
frames.
3Com is saying that this "Packet Filtering" feature makes thinks that he
don't do.

PS: I'v also reported this to the 3Com local representative.
I'm i wrong ?



[]---------------------------------------------------------------[]
  Pedro Ribeiro
  Online: http://www.isel.pt/~pribeiro/
  IRC(PTnet) Nick: PAntMaR
  e-Mail: Personal:  pribeiro () isel pt
          Admin:     admin () isel pt
[]---------------------------------------------------------------[]

Current thread:

Re: Verifying file data integrity using L6, (continued)
- Re: Verifying file data integrity using L6 James R Grinter (Dec 20)
- Re: Verifying file data integrity using L6 Marc SCHAEFER (Dec 20)
  - Re: Verifying file data integrity using L6 Curt Sampson (Dec 21)
  - Why you should avoid world-writable directories D. J. Bernstein (Dec 21)
    - Re: Why you should avoid world-writable directories Darren Reed (Dec 22)
    - Re: Why you should avoid world-writable directories Alan Cox (Dec 22)
    - Re: Why you should avoid world-writable directories Casper Dik (Dec 23)
    - Re: Why you should avoid world-writable directories Martin Forssen (Dec 23)
    - Linux PAM (up to 0.64-2) local root compromise Michal Zalewski (Dec 23)
    - Re: Linux PAM (up to 0.64-2) local root compromise Savochkin Andrey Vladimirovich (Dec 24)
    - 3COM Documentation backdoors in CB3500 Pedro Ribeiro (Dec 23)
    - New perl module Net::RawIP Sergey V. Kolychev (Dec 22)
    - Update on Cisco IOS 12.0 security bug John Bashinski (Dec 22)
    - Re: New perl module Net::RawIP route () RESENTMENT INFONEXUS COM (Dec 22)
    - [SecureXpert Labs Advisory SX-98.12.23-01] Widespread DoS Richard Reiner (Dec 23)
    - Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Updated) Anonymous (Dec 23)
    - Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Casper Dik (Dec 24)
    - Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Dima Volodin (Dec 25)
    - Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Lamont Granquist (Dec 28)
    - Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Igor Schein (Dec 28)
    - Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Casper Dik (Dec 28)

(Thread continues...)