[11391] in bugtraq
Re: 3com hiperarch flaw [hiperbomb.c]
daemon@ATHENA.MIT.EDU (Mike Wronski)
Tue Aug 17 17:50:05 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <001601bee818$267036e0$3d777095@overflow..ae.usr.com>
Date: Mon, 16 Aug 1999 13:50:02 -0500
Reply-To: mike@coredump.ae.usr.com
From: Mike Wronski <mike@COREDUMP.AE.USR.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.9908121800200.27775-200000@noc.1st.net>
3Com acknowledges and has verified the existence of the hiperbomb DOS attack. All
HiPer ARC software (4.0 - 4.2.29) is vulnerable to the attack. The following
workaround will protect your equipment until the software patch becomes
available. Defect is logged under 3Com MR#11022
It is possible to add a telnet access list of trusted hosts on the HiPer ARC. It
can be assumed that the attack will not come from a trusted host. It is also
recommended that you do no allow any telnet sessions from outside your network.
To add a telnet access list:
1) add telnet clients. These clients may be individual hosts or networks.
"ADD TELNET CLIENT X.X.X.X"
"LIST TELNET CLIENTS" will list all configured clients
2) Enable the telnet client access list feature.
"ENABLE TELNET CLIENT_ACCESS"
A follow up post will be made when the patched code is made available.
This workaround can also be found on the 3Com Knowledge Base (3KB) at
http://knowledgebase.3com.com/ under document ID: 2.0.2107762.2279004
---------------------------------------------------------
Mike Wronski (mike@coredump.ae.usr.com)
Sr. 3Com Network Systems Engineer / BETA Engineer
PGP:http://coredump.ae.usr.com/pgp
|-----Original Message-----
|From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
|Jonathan Chapman
|Sent: Thursday, August 12, 1999 5:11 PM
|To: BUGTRAQ@SECURITYFOCUS.COM
|Subject: 3com hiperarch flaw [hiperbomb.c]
|
|
|Hello,
|
|The attached program will reboot a 3com HiperARC. I made an attempt to
|contact 3com before posting this report, however, I received no response.
|By flooding the telnet port of a 3com HiperARC using the provided program,
|the HiperARC unconditionally reboots. This program is effective over all
|interfaces, including a dialup.
|
|Regards,
|
|Jonathan Chapman
|Director of Network Security
|FIRST Incorporated
|jchapman@1st.net www.1st.net
|
|
