The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
3Com Network Supervisor Directory Traversal
------------------------------------------------------------------------
SUMMARY
"3Com Network Supervisor
<http://www.3com.com/products/en_US/detail.jsp?tab=prodspec&sku=3C15100E>
is a network monitoring application which allows monitoring services on
multiple hosts."
Remote exploitation of a directory traversal vulnerability in 3Com
Corporation Network Supervisor allows an attacker unauthorized access to
files.
DETAILS
Vulnerable Systems:
* 3Com Network Supervisor version 5.0.2
Network Supervisor contains an httpd running on port 21700. By
constructing a URL containing '../' sequences it is possible to access
files outside of the web-root for this service.
Successful exploitation of this vulnerability allows a remote attacker
unauthenticated access to any file on the same file-system as the server
is installed on. Typically this is the C: drive, which also typically
contains the Windows operating system files.
As the vulnerable tool is designed for network administration, it is
likely that the users of an affected system will have elevated permissions
on other systems on the network.
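The check missing from the httpd described above, as an added example (not code from the advisory or from 3Com): the request path is decoded once, joined to the web-root, normalized with Windows path rules, and rejected if the result falls outside the root. The web-root path, function names and request paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS
from urllib.parse import unquote

WEB_ROOT = r"C:\app\webroot"  # assumed web-root, not the product's real path


def naive_resolve(url_path):
    """Vulnerable pattern: join the request path onto the root and trust it."""
    return ntpath.normpath(ntpath.join(WEB_ROOT, unquote(url_path).lstrip("/")))


def safe_resolve(url_path):
    """Return the file path for url_path, or None if it leaves WEB_ROOT."""
    decoded = unquote(url_path)  # decode exactly once, then validate
    if "\x00" in decoded:
        return None
    # Windows accepts both separators, so fold '/' into '\' before joining.
    rel = decoded.replace("/", "\\").lstrip("\\")
    candidate = ntpath.normpath(ntpath.join(WEB_ROOT, rel))
    root = ntpath.normcase(ntpath.normpath(WEB_ROOT))
    resolved = ntpath.normcase(candidate)
    # Compare with a trailing separator so C:\app\webroot-old does not match.
    if resolved != root and not resolved.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths: plain, '../', percent-encoded, backslash, sibling dir
    for p in ["/index.html", "/../../outside.txt", "/%2e%2e/%2e%2e/outside.txt",
              "/..%5c..%5coutside.txt", "/../webroot-old/x.txt"]:
        print(f"{p!r:32} naive={naive_resolve(p)!r} safe={safe_resolve(p)!r}")
```

The comparison is purely lexical; a server that can encounter links or junctions inside the web-root should also resolve the path on disk before comparing.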
Vendor Status:
Vendor patches to address this vulnerability are available for download
at:
3Com(r) Network Director Version 1.0 Critical Update 1 for the Initial
release and Service Pack 1:
<http://support.3com.com/software/3Com_network_director_v1_0_sp0_1_cu1.exe>
3Com(r) Network Director Version 1.0 Critical Update 1 for Service Pack 2
and Service Pack 3:
<http://support.3com.com/software/3Com_network_director_v1_0_sp2_3_cu1.exe>
3Com(r) Network Director Version 2.0 Critical Update 1:
<http://support.3com.com/software/3com_network_director_v2_0_cu1.exe>
3Com(r) Network Supervisor Version 5.1 Critical Update 1:
<http://support.3com.com/software/3com_network_supervisor_v5_1_cu1.exe>
CVE Information:
CAN-2005-2020
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2020>
Disclosure Timeline:
06/20/2005 - Initial vendor notification
07/07/2005 - Initial vendor response
09/01/2005 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@lists.idefense.com> iDEFENSE Labs Security
Advisories.
The original article can be found at:
<http://www.idefense.com/application/poi/display?id=300&type=vulnerabilities&flashstatus=true>