OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Peter Gründl (peter.grundlDEFCOM.COM)
Date: Tue Jan 23 2001 - 05:57:45 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ======================================================================
                       Defcom Labs Advisory def-2001-06

                           Easycom/Safecom 10/100 Multiple DoS

    Author: Peter Gründl <peter.grundldefcom.com>
    Release Date: 2001-01-23
    ======================================================================
    ------------------------=[Brief Description]=-------------------------
    The Easycom/Safecom print server from I-Data International contains
    multiple vulnerabilites that allow a malicious user to bring down the
    print server. Execution of arbitrary code is also possible.

    ------------------------=[Affected Systems]=--------------------------
    - Easycom/Safecom, firmware 404.590
    - Most likely older firmware revisions as well

    ----------------------=[Detailed Description]=------------------------
    The print server has a web service running on port 80 and on port 631.
    Both are vulnerable to a long URL request. The long URL results in a
    buffer overflow on the server. The effect can either be that the unit
    crashes or execution of arbitrary code on the server.

    The PrintGuide service on port 5742 will cease to respond, if you send
    two bursts (80 connects in each burst) of null characters to the port.

    The FTP service on TCP port 21 is vulnerable to data flooding. The
    flooding results in the unit being disconnected from the network.

    The web services on port 80 and port 631 are both vulnerable to long
    HTTP requests. An infinite HTTP request will result in the unit being
    disconnected from the network. This is done by eg. issuing a normal
    GET request and filling A's into an HTTP header field, like "host:".

    The TCP/IP implementation on the Easycom/Safecom unit is vulnerable
    to flooding. Sending large burst of "normal" network packets to the
    unit at eg. 10 mbit will result in the unit being disconnected from
    the network.

    ---------------------------=[Workaround]=-----------------------------
    No vendor supplied workaround known. You could put your unit behind a
    filtering router, and make sure the ports aren't accessible from the
    network (except from the managing console, of course).

    -------------------------=[Vendor Response]=--------------------------
    This issue was brought to the vendor's attention on the 30th of
    November, 2000. Vendor promises to look into it, but has not yet come
    up with any indication on when a fix would be available.

    ======================================================================
                 This release was brought to you by Defcom Labs

                   labsdefcom.com www.defcom.com
    ======================================================================