3Com NBX vulnerabilities
Created 5/6/03
Impact
A denial-of-service attack could disable not only the
FTP and web-based administration services, but also the
call manager, preventing diagnostics, control, and all
incoming, outgoing, and internal calls. Disconnection of calls
in progress would also be prevented, potentially
leading to excessive long-distance phone bills. Furthermore,
the only means of recovery would be a hard reboot, which
could cause corruption of voice mail and logs.
Background
3Com SuperStack 3 NBX and
3Com NBX 100 are telephony solutions providing call-processing
features and telephony applications. These products run atop the
VxWorks embedded Real-Time Operating System (RTOS).
The Problem
The VxWorks FTP service, which runs on all 3Com NBX products,
is affected by a buffer overflow
condition in the processing of the CEL
command. A specially crafted command could cause not only
the FTP service to fail, but also the administrative console
and the call manager.
3Com NBX firmware versions 4_0_17, 4_1_4, and 4_1_21, which
include VxWorks ftpd version 5.4 through 5.4.2, are known
to be affected by this vulnerability. Other versions may
be affected as well.
Resolution
Apply a fix from 3Com when one becomes available. Until a
fix is available, deny access to port 21 on the 3Com NBX
at the network perimeter.
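As an added illustration of the interim measures above (not part of the original advisory), the following Python script scans constructed FTP control-channel log lines for two conditions: any TCP/21 connection to an NBX from outside the management subnet, which the perimeter rule in the Resolution should have blocked, and a CEL command carrying an oversized argument, the condition described under The Problem. The host addresses, the log format and the 128-byte threshold are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of FTP control-channel commands as a perimeter proxy or IDS
# might log them: "<timestamp> <client> -> <server>:<port> <command line>".
# The addresses and the log format are assumptions, not taken from the advisory.
SAMPLE_LOG = """\
2003-05-06T10:00:01 10.0.0.5 -> 192.0.2.10:21 USER admin
2003-05-06T10:00:02 10.0.0.5 -> 192.0.2.10:21 PASS ********
2003-05-06T10:00:03 10.0.0.5 -> 192.0.2.10:21 CEL config
2003-05-06T10:00:09 198.51.100.7 -> 192.0.2.10:21 USER anonymous
2003-05-06T10:00:10 198.51.100.7 -> 192.0.2.10:21 CEL {}
2003-05-06T10:00:11 10.0.0.5 -> 192.0.2.10:80 GET /
""".format("A" * 300)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) "
                     r"(?P<cmd>\S+)(?: (?P<arg>.*))?$")

# Assumed policy values: the NBX call managers, the management subnet permitted
# to reach TCP/21, and the largest CEL argument still treated as plausible.
NBX_HOSTS = {"192.0.2.10"}
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")
MAX_CEL_ARG = 128

@dataclass
class Alert:
    ts: str
    src: str
    reason: str

def scan(log_text, nbx_hosts=NBX_HOSTS, mgmt_net=MGMT_NET, max_cel_arg=MAX_CEL_ARG):
    """Return one Alert per FTP command to an NBX that violates the interim policy."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dst"] not in nbx_hosts or m["port"] != "21":
            continue  # not FTP traffic to a call manager
        src = ipaddress.ip_address(m["src"])
        if src not in mgmt_net:
            # The perimeter rule should have dropped this; report it whatever the command.
            alerts.append(Alert(m["ts"], m["src"], "port 21 reached from outside mgmt net"))
        if m["cmd"].upper() == "CEL" and len(m["arg"] or "") > max_cel_arg:
            alerts.append(Alert(m["ts"], m["src"], f"oversized CEL argument ({len(m['arg'])} bytes)"))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```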
Where can I read more about this?
This vulnerability was posted to Bugtraq.