3Com Baseline Switch DHCP packet denial of service
| 3com-baseline-dhcp-dos (26076) |  Medium Risk |
Description:
The 3Com Baseline Switch 2848-SFP Plus is vulnerable to a denial of service attack. A remote attacker could send DHCP packets larger than 342 bytes to an affected switch to cause the device to become unstable.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest software version (1.0.2.0 or later), as listed in the 3Com Baseline Switch 2848-SFP Plus Release Notes. See References.
References:
- 3Com Baseline Switch 2848-SFP Plus Release Notes: Software version 1.0.2.0.
- BID-17686: 3Com Baseline Switch 2848-SFP Plus Remote Denial Of Service Vulnerability
- CVE-2006-2054: 3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.
- OSVDB ID: 24942: 3Com Baseline Switch 2848-SFP Crafted DHCP Packet Remote DoS
- SA19756: 3Com Baseline Switch 2848-SFP DHCP Potential Denial of Service
- SECTRACK ID: 1015997: 3Com Baseline Switch 2848-SFP Plus Lets Remote Users Deny Service With Specially Crafted DHCP Packets
- VUPEN/ADV-2006-1510: 3Com Baseline Switch 2848-SFP DHCP Packets Denial of Service Vulnerability
Platforms Affected:
- 3Com Baseline Switch 2848-SFP Plus 1.0.2
Reported:
Apr 25, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net