Bugtraq mailing list archives
Re: 3com hiperarch flaw [hiperbomb.c]
From: spork () INCH COM (Charles Sprickman)
Date: Sun, 15 Aug 1999 16:47:29 -0400
I'm forwarding this so that those not on the usr list can see an alternate workaround until it is fixed...

Charles

---------- Forwarded message ----------
Date: Sat, 14 Aug 1999 00:39:36 -0500 (CDT)
From: Tatai SV Krishnan <tkrishna () bubba ae usr com>
Reply-To: usr-tc () lists xmission com
Cc: usr-tc () lists xmission com
Subject: RE: (usr-tc) HiperARC - Dangerous HiperBomb

The workaround for this problem is setting up telnet clients on the hiper arc and enabling telnet client access. This program all it does is tries to open tcp connections, so on the hiper arc do this

    add telnet client <ip address of single host or subnet that you want to allow access to the hiper arc via telnet>
    enable telnet cli

This will tell the hiper arc to have access only from trusted hosts and this program will not cause any crash if some one tries to use it from different hosts.

This however is a work around only - We do understand that this is a serious issue and would come up with a fix.

regards
krish

T.S.V. Krishnan
Network System Engineer
3Com
tkrishna () bubba ae usr com
http://interproc.ae.usr.com

Any Sufficiently advanced bug is indistinguishable for a feature. - Rick Kulawiec

On Sat, 14 Aug 1999, Marshall Morgan wrote:

But your own customers can still reboot them via dialup to that NAS.

Marshall Morgan
Internet Doorway, Inc. (aka NETDOOR)

-----Original Message-----
From: owner-usr-tc () lists xmission com [mailto:owner-usr-tc () lists xmission com]On Behalf Of Rick
Sent: Friday, August 13, 1999 10:07 PM
To: usr-tc () lists xmission com
Subject: Re: (usr-tc) HiperARC - Dangerous HiperBomb

I can confirm this security-bug EXISTS. I compiled the source of hyper-nuke and did indeed reboot some of my arcs (4.1.59-6). As others have stated I would suggest implementing accesslists on your routers that deny all telnet (tcp-25) traffic to your arcs.

Ed Taylor wrote:

For HiperBomb code check out: http://www.securityfocus.com/templates/archive.pike?list=1

It is very serious and reboots the HiperArc's from anywhere.

Ed

---------- Original Message ----------------------------------
From: "Jamie Orzechowski" <mhz () ripnet com>
Reply-To: usr-tc () lists xmission com
Date: Fri, 13 Aug 1999 19:03:36 -0400

Just reading my Securityfocus email list and attacked was a new "Remote HiPER ARC nuking program" I have the source if anyone cares to have it ...

----- Original Message -----
From: Jonathan Chapman <jchapman () 1ST NET>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Thursday, August 12, 1999 6:10 PM
Subject: 3com hiperarch flaw [hiperbomb.c]

Hello,

The attached program will reboot a 3com HiperARC. I made an attempt to contact 3com before posting this report, however, I received no response.

By flooding the telnet port of a 3com HiperARC using the provided program, the HiperARC unconditionally reboots. This program is effective over all interfaces, including a dialup.

Regards,
Jonathan Chapman
Director of Network Security
FIRST Incorporated
jchapman () 1st net
www.1st.net

- To unsubscribe to usr-tc, send an email to "majordomo () xmission com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rick Allan / rick () monmouth com | Connect to a Backbone not a Wishbone
Head of Network Engineering | Monmouth Internet Corporation
732-842-5366=====extension 102 | http://www.monmouth.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
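The thread above discusses limiting telnet access to trusted hosts and notes that a flood can still arrive from a source inside the perimeter. The following is an added example, not code from the thread or from 3Com: it audits connection records for untrusted telnet sources and for any source opening connections in rapid succession. The log format, addresses, port constant (telnet on TCP 23) and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed management networks and thresholds; replace with your own values.
TRUSTED = [ipaddress.ip_network("192.0.2.0/28"),
           ipaddress.ip_network("198.51.100.7/32")]
TELNET_PORT = 23
WINDOW_SECONDS = 10
MAX_CONNS_IN_WINDOW = 5

# Constructed sample records: "<epoch seconds> <src ip> <dst ip> <dst port>"
SAMPLE_LOG = """\
1000 192.0.2.5 203.0.113.10 23
1002 198.51.100.200 203.0.113.10 23
1010 203.0.113.77 203.0.113.10 23
1011 203.0.113.77 203.0.113.10 23
1012 203.0.113.77 203.0.113.10 23
1013 203.0.113.77 203.0.113.10 23
1014 203.0.113.77 203.0.113.10 23
1015 203.0.113.77 203.0.113.10 23
1020 192.0.2.5 203.0.113.10 80
this line is malformed
1040 198.51.100.200 203.0.113.10 23
"""

def is_trusted(ip):
    """True if ip falls inside one of the TRUSTED networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED)

def analyze(log_text):
    """Return (untrusted_sources, flood_sources) for telnet connections."""
    untrusted, floods = set(), set()
    recent = defaultdict(deque)  # (src, dst) -> timestamps inside the window
    for line in log_text.splitlines():
        fields = line.split()
        try:
            ts, src, dst, dport = int(fields[0]), fields[1], fields[2], int(fields[3])
        except (IndexError, ValueError):
            continue  # skip malformed records
        if dport != TELNET_PORT:
            continue
        if not is_trusted(src):
            untrusted.add(src)
        window = recent[(src, dst)]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        # Rate is checked for every source, trusted or not.
        if len(window) > MAX_CONNS_IN_WINDOW:
            floods.add(src)
    return untrusted, floods
```

The rate check is applied to trusted sources as well, so a flood from an allowed network is still reported.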