| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: idoru at videosoft.net.uy (David F. Madrid) Subject: Denial of service in 3COM 812 DSL routers Product affected : 3COM 812 OfficeConnect DSL routers Firware affected : 1.1.9 2.0 ? Description : OfficeConnect is a router widely used in the world . Just in Spain , Telefonica buy more than 100000 812 routers to 3COM until 2001 to deploy them in his ADSL lines . The router can be rebooted due to a flaw in its web administration interface . As no athentication is needed , every LAN user can cause a crash and reboot of the router , stoping internet connection for one or two minutes . A remote user can exploit it if the web interface is available in the WAN interface of the router or if he can persuade a user to click on a link in a forum or to visit a webpage ( as you can always access the web interface if the connection is local initiated , as is from the web browser ) . I haven't tested this in another 812 router , but on mine the buffer that holds the complete HTTP request is of 512 bytes and is not checked if the lengh of the request is bigger that this limit . So to reboot the router you just have to connect to the web interface and send 512 bytes or more perl -e 'print "A"x512;print "\n\n\n\n\n\n\n\n"' | netcat -v -n 127.0.0.1 80 You can read this advisory in Spanish in http://nautopia.coolfreepages.com/vulnerabilidades/3com812_Web_DOS.htm Regards , David F. Madrid , Madrid , Spain
Powered by blists - more mailing lists