Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:2997
HistoryMay 28, 2002 - 12:00 a.m.

Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router

2002-05-2800:00:00
vulners.com
24
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router
Date: 27-05-2002
Impact: A vulnerability in PAT (Port Address Translation) allow access to
all ports in the computer behind the router.
Author: Ismael Briones Vilar ([email protected])

PROBLEM SUMMARY:

There is a problem in PAT(Port Address Translation) that can be used to

access all ports in the computer behind the router. When we try to connect to
a port that is not redirected to a computer behind the router using PAT,
there is no problem, the router don't allow this connection. But if before we
connect to a port redirected using PAT and inmediately we try to connect to
any port not redirected using PAT, the router allows the successive
connections to any port. The problem exists with TCP and with UDP.

 Probed in firmware versions:  V1.1.9 and V1.1.7 for the OCR812. For
 customers of SKU's 3CP4144  (Telefónica S.A. (Spain) use this model for
 DSL)

IMPACT:

Allow access to all ports in the computer behind the router. If you find a
port redirected using PAT, you can access all ports, make scans,… and
all you can imagine.

SOLUTION:

Use firewalls in the computers behind the router or wait for a firmware
update ;-)

STATUS:

I have been searching 3Com web for an email to submit this bug, but i
haven't find any reference to security advisories. So i have decided to send
the advisorie to bugtraq first.

Special Thanks to: Pask, J.M. Gomez, Manolo and Morales.

Ismael Briones Vilar Mundinteractivos - El Mundo
Area de Internet Pradillo, 42
[email protected] 28002 - Madrid (SPAIN, EU)
http://www.elmundo.es/ Tel: (+34) 915864800 (Ext: 4615)
Fax: (+34) 915864480

GPG PubKey:
fingerprint: 8FD8 1450 29AC 5B5F 4186 0417 B67A 978F 281C D54F
http://pgp.rediris.es:11371/pks/lookup?op=get&search=0x281CD54F

"Technically, Windows is an 'operating system,' which means that
it supplies your computer with the basic commands that it needs
to suddenly, with no warning whatsoever, stop operating."
Dave Barry

"Good artists copy, great artists steal."
Pablo Picasso

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE88liYtnqXjygc1U8RAivlAJ9xqUIbtWagqvTIEknJkranCbc6oACffbRB
gVyScjBN7d4Wj0Rf9kZoG5U=
=vg59
-----END PGP SIGNATURE-----

JSON