Details of VAR-200303-0127

ID

VAR-200303-0127

TITLE

3Com SuperStack II RAS 1500 Malicious IP Header Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-0845

DESCRIPTION

The 3com SuperStack II Remote Access System 1500 is a device that accesses telecommunications equipment through BRI-ISDN/analog lines. The 3com SuperStack II remote access system handles malformed packets incorrectly, and remote attackers can exploit this vulnerability to perform denial of service attacks on devices. The attacker sends a packet with the IP option length field set to zero to the RAS 1500 system, which can cause the device to reboot and disconnect all connections. A vulnerability has been reported in the 3Com SuperStack II RAS 1500 router. The problem occurs when processing network packets containing malicious IP headers. When received, the packet may cause the router to crash

Trust: 0.81

sources: CNVD: CNVD-2003-0845 // BID: 7175

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-0845

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	3com	model:	superstack ii ras	scope:	eq	version:	1500	Trust: 0.3

sources: CNVD: CNVD-2003-0845 // BID: 7175

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-0845
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-0845
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-0845

THREAT TYPE

network

Trust: 0.3

sources: BID: 7175

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 7175

EXTERNAL IDS

db:	BID	id:	7175	Trust: 0.9
db:	CNVD	id:	CNVD-2003-0845	Trust: 0.6

sources: CNVD: CNVD-2003-0845 // BID: 7175

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104852250406896&w=2	Trust: 0.6
url:	/archive/1/316043	Trust: 0.3

sources: CNVD: CNVD-2003-0845 // BID: 7175

CREDITS

The discovery of this vulnerability has been credited to Piotr Chytla <pch@isec.pl>.

Trust: 0.3

sources: BID: 7175

SOURCES

db:	CNVD	id:	CNVD-2003-0845
db:	BID	id:	7175

LAST UPDATE DATE

2022-05-17T01:42:53.023000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-0845	date:	2014-01-20T00:00:00
db:	BID	id:	7175	date:	2003-03-24T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-0845	date:	2003-03-24T00:00:00
db:	BID	id:	7175	date:	2003-03-24T00:00:00