Sign-up

ID

VAR-201005-0432


TITLE

Multiple 3com H3C Device SSH Service Program Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0811

DESCRIPTION

Multiple 3Com H3C switches have security issues, and remote attackers can exploit vulnerabilities to perform denial of service attacks on their SSH servers. An unspecified error exists in the built-in SSH server. The attacker sends a specially constructed SSH message to restart the device. Multiple 3Com H3C devices are prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause the affected device to restart, denying service to legitimate users. This issue affects the H3C S3100, Switch 4500, and Switch 4200G series of products. ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. The vulnerability is caused due to an unspecified error and can be exploited to cause an affected device to reboot by sending specially crafted SSH packets to it. Successful exploitation requires that the device is configured as SSH server. SOLUTION: Update to the latest versions. H3C S3100-52P: Update to Comware 3.10 Release 1702P13. 3Com Switch 4500: Update to version 3.03.02p09 3Com Switch 4200: Update to version 3.2.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 3Com H3C (LSOD09619): http://support.3com.com/documents/H3C/switches/3100/H3C_S3100-52P_CMW3.10.R1702P13_Release_Notes.pdf http://support.3com.com/documents/switches/4500/Switch_4500_V3.03.02p09_Release_Notes.pdf 3Com H3C (LSOD09646) http://support.3com.com/documents/switches/4200G/Switch_4200G_V3.02.04_Release_Notes.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: CNVD: CNVD-2010-0811 // BID: 40031 // PACKETSTORM: 89324

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0811

AFFECTED PRODUCTS

vendor:3commodel:h3c s3100scope: - version: -

Trust: 0.6

vendor:3commodel:h3c switch 4200gscope: - version: -

Trust: 0.6

vendor:3commodel:h3c switchscope:eqversion:4500

Trust: 0.6

vendor:3commodel:h3c switchscope:eqversion:45000

Trust: 0.3

vendor:3commodel:h3c switch 4200gscope:eqversion:0

Trust: 0.3

vendor:3commodel:h3c s3100scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2010-0811 // BID: 40031

THREAT TYPE

network

Trust: 0.3

sources: BID: 40031

TYPE

Unknown

Trust: 0.3

sources: BID: 40031

EXTERNAL IDS

db:BIDid:40031

Trust: 0.9

db:SECUNIAid:39785

Trust: 0.7

db:CNVDid:CNVD-2010-0811

Trust: 0.6

db:PACKETSTORMid:89324

Trust: 0.1

sources: CNVD: CNVD-2010-0811 // BID: 40031 // PACKETSTORM: 89324

REFERENCES

url:http://secunia.com/advisories/39785/

Trust: 0.7

url:http://support.3com.com/documents/h3c/switches/3100/h3c_s3100-52p_cmw3.10.r1702p13_release_notes.pdf

Trust: 0.4

url:http://support.3com.com/documents/switches/4200g/switch_4200g_v3.02.04_release_notes.pdf

Trust: 0.4

url:http://support.3com.com/documents/switches/4500/switch_4500_v3.03.02p09_release_notes.pdf

Trust: 0.4

url:http://www.3com.com/

Trust: 0.3

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-0811 // BID: 40031 // PACKETSTORM: 89324

CREDITS

3Com

Trust: 0.3

sources: BID: 40031

SOURCES

db:CNVDid:CNVD-2010-0811
db:BIDid:40031
db:PACKETSTORMid:89324

LAST UPDATE DATE

2022-05-17T01:48:47.283000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-0811date:2010-05-11T00:00:00
db:BIDid:40031date:2010-05-10T19:02:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2010-0811date:2010-05-11T00:00:00
db:BIDid:40031date:2010-03-29T00:00:00
db:PACKETSTORMid:89324date:2010-05-10T13:34:45