Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » 3COM OfficeConnect HTTP Port Router Denial of Service

3COM OfficeConnect HTTP Port Router Denial of Service

by Phiber on September 26th, 2001 A problem has been discovered in the router firmware that could make it possible for remote users to deny service to legitimate users of networks serviced by the router.


During normal operation, if a user requests an HTTP connection to a 3com DSL router, they're presented with a prompt for authentication. Upon failing to authenticate, the user is sent a page displaying an image of the 3com logo.


The problem occurs in a user reaching this page, and requesting the name of the 3com image appended with a long string. The 3com image file can be viewed via directory http://3com.router/graphics/sml3com. However, upon appending a long string to the sml3com image name, the router becomes unstable, and power-cycles itself to resume normal operation.


The occurance of this can create a Denial of Service to networks serviced by this router.


Solution:

3com OfficeConnect DSL Router 812 1.1.7:

3Com Upgrade OfficeConnect 812 & 840 1.1.9.4
ftp://ftp.3com.com/pub/officeconnect/ocradsl/bld_1_1_9_4.zip

3com OfficeConnect DSL Router 840 1.1.7:

3Com Upgrade OfficeConnect 812 & 840 1.1.9.4
ftp://ftp.3com.com/pub/officeconnect/ocradsl/bld_1_1_9_4.zip


FYI:

OfficeConnect 812 is a DSL router manufactured by 3Com, and distributed by numerous DSL providers. OfficeConnect 812 is an integrated ADSL router with an onboard 4 port switch.


from SecurityFocus


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »