3Com OfficeConnect Telnet escape sequence buffer overflow
| 3com-officeconnect-telnet-bo (16257) |  Low Risk |
Description:
3Com OfficeConnect is vulnerable to a denial of service attack, caused by a buffer overflow. A remote attacker could send a long specially-crafted string that contains a sequence of Telnet escape characters to the Telnet port, which would overflow the buffer and cause the device to stop responding or reboot.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- 3com Web site: How to setup HTTP Filtering to prevent Denial-of-Service Attacks on the How to setup HTTP Filtering to prevent Denial-of-Service Attacks on the OfficeConnect Remote 812 Router.
- iDEFENSE Security Advisory 05.26.04: 3Com OfficeConnect Remote 812 ADSL Router Telnet Protocol DoS Vulnerability .
- BID-10419: 3Com OfficeConnect Remote 812 ADSL Router Telnet Buffer Overflow Vulnerability
- CVE-2004-0476: Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port.
- SA11716: 3Com OfficeConnect 812 ADSL Router Multiple Vulnerabilities
Platforms Affected:
- 3Com OfficeConnect ADSL Router 812 1.1.9
Reported:
May 26, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net