CVE-1999-1389
CVSS7.5
发布时间 :1998-05-11 00:00:00
修订时间 :2016-10-17 22:03:58
NMCOS    

[原文]US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt.


[CNNVD]3com Total Control Filter Bypass漏洞(CNNVD-199805-010)

        US Robotics/3Com Total Control Chassis的Frame Relay3.6.22和3.7.24版本的一个端口被置为"set host prompt" 时,不能正确访问过滤器,攻击者可以通过在"host: "提示下提供两次主机名绕过限制。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1389
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1389
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199805-010
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=90221101925916&w=2
(UNKNOWN)  BUGTRAQ  19980511 3Com/USR Total Control Chassis dialup port access filters
http://www.securityfocus.com/bid/99
(VENDOR_ADVISORY)  BID  99

- 漏洞信息

3com Total Control Filter Bypass漏洞
高危 未知
1998-05-11 00:00:00 2005-10-20 00:00:00
远程  
        US Robotics/3Com Total Control Chassis的Frame Relay3.6.22和3.7.24版本的一个端口被置为"set host prompt" 时,不能正确访问过滤器,攻击者可以通过在"host: "提示下提供两次主机名绕过限制。

- 公告与补丁

        Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 漏洞信息

6060
3Com Total Control Chassis Double Hostname Filter Bypass
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

3Com Total Control NETServer Card contains a flaw that may allow a remote attacker to bypass filtering mechanisms. The issue is triggered when a port is set to "set host prompt", which allows an remote attacker to bypass restrictions by providing the hostname twice at the "host:" prompt, and gain unauthorized access to the system.

- 时间线

1998-05-11 Unknow
1998-05-11 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

3com Total Control Filter Bypass Vulnerability
Unknown 99
Yes No
1998-05-11 12:00:00 2009-07-11 12:16:00
This vulnerability was reported to the BugTraq mailing list by Jason Downs <downsj@downsj.com> on Mon, 11 May 1998. Technical examples were provided by Doug Palin <doug@pacifier.com>.

- 受影响的程序版本

3Com Total Control NETServer Card 3.7.24
3Com Total Control NETServer Card 3.6.22

- 不受影响的程序版本

3Com Total Control NETServer Card 3.6.22

- 漏洞讨论

Total Control Chassis' are fairly common terminal servers; when someone
dials into an ISP that's offering X2, they're most likely dialing into one.
Any such system that answers with a 'host:' or similar prompt and is running
the specified version of the OS is vulnerable.

When a port is set to "set host prompt" the access filters are ignored
even though the specific port's ifilter is set. Access filters look like
this:
&gt; sho filter allowed_hosts
1 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.161/32 tcp dst eq 539
2 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.165/32 tcp dst eq 23
3 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.106/32 tcp dst eq 23
4 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.168/32 tcp dst eq 540
5 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.168/32 tcp dst eq 23

6 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.109/32 tcp dst eq 3030
7 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.109/32 tcp dst eq 3031
8 permit XXX.XXX.XXX.12/24 XXX.XXX.XXX.109/32 tcp dst eq 513
9 deny 0.0.0.0/0 0.0.0.0/0 ip

Filter is set with "set all ifilter allowed_hosts"

Dialup users are able to type a host name twice at the "host:" prompt which
will in turn open a telnet session to the host the user typed twice.
The results for a user doing this will show up as follows.

&gt; sho ses

S19 woodnet.wce.wwu woodnet.wce.wwu. Login In ESTABLISHED 4:30

Use of this will show up in the syslogs as:

May 11 08:58:39 XXXXXX remote_access: Packet filter does not exist. User
woodnet.wce.wwu.edu access denied.

Contrary to the statement, access is not denied.

This version has been found vulnerable:

Equipment: US Robotics/3Com Total Control Chassis
Card: Netserver PRI
OS: Total Control (tm) NETServer Card V.34/ISDN with Frame Relay V3.7.24

This problem does not exist on earlier versions, specifically we have tried
Total Control (tm) NETServer Card V.34/ISDN with Frame Relay V3.6.22

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站