-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Title: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router Date: 27-05-2002 Impact: A vulnerability in PAT (Port Address Translation) allow access to all ports in the computer behind the router. Author: Ismael Briones Vilar (email@example.com)
There is a problem in PAT(Port Address Translation) that can be used to
access all ports in the computer behind the router. When we try to connect to a port that is not redirected to a computer behind the router using PAT, there is no problem, the router don't allow this connection. But if before we connect to a port redirected using PAT and inmediately we try to connect to any port not redirected using PAT, the router allows the successive connections to any port. The problem exists with TCP and with UDP.
Probed in firmware versions: V1.1.9 and V1.1.7 for the OCR812. For customers of SKU's 3CP4144 (Telef&oacute;nica S.A. (Spain) use this model for DSL)
Allow access to all ports in the computer behind the router. If you find a port redirected using PAT, you can access all ports, make scans,..... and all you can imagine.
Use firewalls in the computers behind the router or wait for a firmware update ;-)
I have been searching 3Com web for an email to submit this bug, but i haven't find any reference to security advisories. So i have decided to send the advisorie to bugtraq first.
Special Thanks to: Pask, J.M. Gomez, Manolo and Morales.
Ismael Briones Vilar Mundinteractivos - El Mundo
Area de Internet Pradillo, 42
firstname.lastname@example.org 28002 - Madrid (SPAIN, EU)
http://www.elmundo.es/ Tel: (+34) 915864800 (Ext: 4615) Fax: (+34) 915864480
GPG PubKey: fingerprint: 8FD8 1450 29AC 5B5F 4186 0417 B67A 978F 281C D54F http://pgp.rediris.es:11371/pks/lookup?op=get&search=0x281CD54F
"Technically, Windows is an 'operating system,' which means that it supplies your computer with the basic commands that it needs to suddenly, with no warning whatsoever, stop operating." Dave Barry
"Good artists copy, great artists steal."
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE88liYtnqXjygc1U8RAivlAJ9xqUIbtWagqvTIEknJkranCbc6oACffbRB gVyScjBN7d4Wj0Rf9kZoG5U= =vg59 -----END PGP SIGNATURE-----