lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <38500.80.58.4.235.1058955435.squirrel@www.videosoft.net.uy>
From: idoru at videosoft.net.uy (David F. Madrid)
Subject: Denial of service in 3COM 812 DSL routers

Product affected : 3COM 812 OfficeConnect DSL routers

Firware affected :

1.1.9

2.0 ?

Description :

OfficeConnect is a router widely used in the world . Just in Spain ,
Telefonica buy more than 100000 812 routers to 3COM until 2001 to
deploy them in his ADSL lines .

The router can be rebooted due to a flaw in its web administration
interface . As no athentication is needed , every LAN user can cause
a crash and reboot of the router , stoping internet connection for
one or two minutes . A remote user can exploit it if the web interface
is available in the WAN interface of the router or if he can persuade
a user to click on a link in a forum or to visit a webpage ( as
you can always access the web interface if the connection is local
initiated , as is from the web browser ) .

I haven't tested this in another 812 router , but on mine the
buffer that holds the complete HTTP request is of 512 bytes
and is not checked if the lengh of the request is bigger that
this limit . So to reboot the router you just have to connect
to the web interface and send 512 bytes or more

perl -e 'print "A"x512;print "\n\n\n\n\n\n\n\n"' | netcat -v -n 127.0.0.1 80


You can read this advisory in Spanish in

http://nautopia.coolfreepages.com/vulnerabilidades/3com812_Web_DOS.htm


Regards ,

David F. Madrid ,
Madrid , Spain




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ