Secunia Security Advisory - iDEFENSE Labs has reported a vulnerability in 3Com Network Supervisor, which can be exploited by malicious people to gain knowledge of sensitive information.
----------------------------------------------------------------------
TITLE:
3Com Network Supervisor / Network Director Directory Traversal
SECUNIA ADVISORY ID:
SA16639
VERIFY ADVISORY:
http://secunia.com/advisories/16639/
CRITICAL:
Less critical
IMPACT:
Exposure of system information, Exposure of sensitive information
WHERE:
From local network
SOFTWARE:
3Com Network Director 1.x
http://secunia.com/product/5651/
3Com Network Director 2.x
http://secunia.com/product/5652/
3Com Network Supervisor 5.x
http://secunia.com/product/5650/
DESCRIPTION:
iDEFENSE Labs has reported a vulnerability in 3Com Network
Supervisor, which can be exploited by malicious people to gain
knowledge of sensitive information.
The vulnerability is caused by an input validation error in the
integrated web server running on port 21700/TCP when handling HTTP
requests. This makes it possible to access arbitrary files on the
system outside the web root via directory traversal attacks.
The vulnerability has been reported in 3Com Network Supervisor 5.0.2.
Other versions may also be affected.
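Added example, not part of the advisory and not 3Com's code: the kind of request-path validation a file-serving HTTP handler needs so that requests cannot resolve outside the web root. The function names, the `/srv/www` root and the sample request paths are constructed for illustration.

```python
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """The request path would resolve outside the web root."""


def resolve_in_web_root(web_root: str, request_path: str) -> str:
    """Map an HTTP request path to a file path that stays inside web_root."""
    path = request_path.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)                     # decode %2e%2e%2f and similar once
    if unquote(path) != path:                # still encoded: double-encoding
        raise TraversalError("double-encoded path")
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    path = path.replace("\\", "/")           # Windows accepts both separators
    segments = [s for s in path.split("/") if s not in ("", ".")]
    # Conservative: reject every '..' segment, even one that would stay inside.
    if ".." in segments:
        raise TraversalError("parent-directory segment")
    if any(":" in s for s in segments):      # drive letters, alternate data streams
        raise TraversalError("colon in path segment")
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Containment check on the resolved path also catches symlinks.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("resolved path escapes web root")
    return candidate


def is_safe(web_root: str, request_path: str) -> bool:
    """True if the request path may be served from web_root."""
    try:
        resolve_in_web_root(web_root, request_path)
        return True
    except TraversalError:
        return False


# Constructed request paths, not taken from the advisory.
SAMPLES = ["/index.html", "/help/../index.html", "/..%2f..%2fsecret.txt",
           "/%252e%252e/secret.txt", "/..\\..\\secret.txt", "/C:/secret.txt"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:32} -> {'serve' if is_safe('/srv/www', p) else 'reject'}")
```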
SOLUTION:
Apply patches.
3Com Network Director 1.0 Critical Update 1 (for initial release and
SP1):
http://support.3com.com/software/3Com_network_director_v1_0_sp0_1_cu1.exe
3Com Network Director 1.0 Critical Update 1 (for SP2 and SP3):
http://support.3com.com/software/3Com_network_director_v1_0_sp2_3_cu1.exe
3Com Network Director 2.0 Critical Update 1:
http://support.3com.com/software/3com_network_director_v2_0_cu1.exe
3Com Network Supervisor 5.1 Critical Update 1:
http://support.3com.com/software/3com_network_supervisor_v5_1_cu1.exe
PROVIDED AND/OR DISCOVERED BY:
iDEFENSE Labs
ORIGINAL ADVISORY:
iDEFENSE:
http://www.idefense.com/application/poi/display?id=300&type=vulnerabilities