Bugtraq mailing list archives
3COM Documentation backdoors in CB3500
From: pribeiro () ISEL PT (Pedro Ribeiro)
Date: Wed, 23 Dec 1998 17:22:27 -0000
This is a "report" i'v sent to 3com some days ago.
While evaluating the 3com layer3 switch Corebuilder 3500 i'v detected while reading the "CoreBuilder 3500 Implementation Guide V2.0.0, PN:10011376"
that
several examples given in the Packet Filtering Chapter 10 have serious "security mistakes".
ALL the exemples of packet filtering of IP packets based on UDP/TCP ports information are wrong, simple because are assumed that the transport header fallows the basic IP header, witch isn't always true because beetwen the basic IP header and the transport layer header, a variable amount of IP options can appear.
We can't simply index to position 24?? of the ethernet frame to get the transport layer port information, this is only true if there are no options fallowing the IP header.
Pages that i found given wrong ideas/exemples about this subject: From 198
till 206
Conclusion: Using this packet filtering syntax it isn't possible to filter packets based in information that appears in variable positions in the MAC frames. 3Com is saying that this "Packet Filtering" feature makes thinks that he don't do.
PS: I'v also reported this to the 3Com local representative. I'm i wrong ?
[]---------------------------------------------------------------[] Pedro Ribeiro Online: http://www.isel.pt/~pribeiro/ IRC(PTnet) Nick: PAntMaR e-Mail: Personal: pribeiro () isel pt Admin: admin () isel pt []---------------------------------------------------------------[]
Current thread:
- Re: Verifying file data integrity using L6, (continued)
- Re: Verifying file data integrity using L6 James R Grinter (Dec 20)
- Re: Verifying file data integrity using L6 Marc SCHAEFER (Dec 20)
- Re: Verifying file data integrity using L6 Curt Sampson (Dec 21)
- Why you should avoid world-writable directories D. J. Bernstein (Dec 21)
- Re: Why you should avoid world-writable directories Darren Reed (Dec 22)
- Re: Why you should avoid world-writable directories Alan Cox (Dec 22)
- Re: Why you should avoid world-writable directories Casper Dik (Dec 23)
- Re: Why you should avoid world-writable directories Martin Forssen (Dec 23)
- Linux PAM (up to 0.64-2) local root compromise Michal Zalewski (Dec 23)
- Re: Linux PAM (up to 0.64-2) local root compromise Savochkin Andrey Vladimirovich (Dec 24)
- 3COM Documentation backdoors in CB3500 Pedro Ribeiro (Dec 23)
- New perl module Net::RawIP Sergey V. Kolychev (Dec 22)
- Update on Cisco IOS 12.0 security bug John Bashinski (Dec 22)
- Re: New perl module Net::RawIP route () RESENTMENT INFONEXUS COM (Dec 22)
- [SecureXpert Labs Advisory SX-98.12.23-01] Widespread DoS Richard Reiner (Dec 23)
- Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Updated) Anonymous (Dec 23)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Casper Dik (Dec 24)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Dima Volodin (Dec 25)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Lamont Granquist (Dec 28)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Igor Schein (Dec 28)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Casper Dik (Dec 28)