3Com HiPer ARC vulnerable to nestea attack

From: Olaf Selke (Olaf.Selkeat_private)
Date: Fri Dec 25 1998 - 07:01:36 PST

Next message: vh: "another X-Mas present :)"

Previous message: Nathan Neulinger: "Yahoo Pager - security bug w/ services 7,8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We found 3Com's HiPer ARCs running system version 4.1.11
being vulnerable to the nestea DoS attack. The cards simply
crash and reboot.


The multi DoS tool targa v1.1
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199806/targa.c.html
started with the nestea option can be used for demonstration.


*sigh* As already mentioned on Bugtraq in the past, 3Com/USR's IP
stacks are not very resistant against this specific kind of DoS attack:

NetServer card: http://geek-girl.com/bugtraq/1998_4/0198.html
PalmPilot:      http://geek-girl.com/bugtraq/1998_2/0138.html


>From my experiences 3Com has fixed this bug in the recent Total Control
NetServer card code base. Apparently it was re-introduced by the HiPer ARC.

Olaf
--
Olaf Selke, olaf.selkeat_private, voice +49 5241 80-7069

Next message: vh: "another X-Mas present :)"
Previous message: Nathan Neulinger: "Yahoo Pager - security bug w/ services 7,8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:26:23 PDT