VAR-201005-0432
Vulnerability from variot - Updated: 2022-05-17 01:48Multiple 3Com H3C switches have security issues, and remote attackers can exploit vulnerabilities to perform denial of service attacks on their SSH servers. An unspecified error exists in the built-in SSH server. The attacker sends a specially constructed SSH message to restart the device. Multiple 3Com H3C devices are prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause the affected device to restart, denying service to legitimate users. This issue affects the H3C S3100, Switch 4500, and Switch 4200G series of products. ----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers.
The vulnerability is caused due to an unspecified error and can be exploited to cause an affected device to reboot by sending specially crafted SSH packets to it.
Successful exploitation requires that the device is configured as SSH server.
SOLUTION: Update to the latest versions.
H3C S3100-52P: Update to Comware 3.10 Release 1702P13.
3Com Switch 4500: Update to version 3.03.02p09
3Com Switch 4200: Update to version 3.2.4.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: 3Com H3C (LSOD09619): http://support.3com.com/documents/H3C/switches/3100/H3C_S3100-52P_CMW3.10.R1702P13_Release_Notes.pdf http://support.3com.com/documents/switches/4500/Switch_4500_V3.03.02p09_Release_Notes.pdf
3Com H3C (LSOD09646) http://support.3com.com/documents/switches/4200G/Switch_4200G_V3.02.04_Release_Notes.pdf
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201005-0432",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h3c s3100",
"scope": null,
"trust": 0.6,
"vendor": "3com",
"version": null
},
{
"model": "h3c switch 4200g",
"scope": null,
"trust": 0.6,
"vendor": "3com",
"version": null
},
{
"model": "h3c switch",
"scope": "eq",
"trust": 0.6,
"vendor": "3com",
"version": "4500"
},
{
"model": "h3c switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "45000"
},
{
"model": "h3c switch 4200g",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "0"
},
{
"model": "h3c s3100",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
},
{
"db": "BID",
"id": "40031"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3Com",
"sources": [
{
"db": "BID",
"id": "40031"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple 3Com H3C switches have security issues, and remote attackers can exploit vulnerabilities to perform denial of service attacks on their SSH servers. An unspecified error exists in the built-in SSH server. The attacker sends a specially constructed SSH message to restart the device. Multiple 3Com H3C devices are prone to a remote denial-of-service vulnerability. \nSuccessfully exploiting this issue allows remote attackers to cause the affected device to restart, denying service to legitimate users. \nThis issue affects the H3C S3100, Switch 4500, and Switch 4200G series of products. ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited to cause an affected device to reboot by sending specially\ncrafted SSH packets to it. \n\nSuccessful exploitation requires that the device is configured as SSH\nserver. \n\nSOLUTION:\nUpdate to the latest versions. \n\nH3C S3100-52P:\nUpdate to Comware 3.10 Release 1702P13. \n\n3Com Switch 4500:\nUpdate to version 3.03.02p09\n\n3Com Switch 4200:\nUpdate to version 3.2.4. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\n3Com H3C (LSOD09619):\nhttp://support.3com.com/documents/H3C/switches/3100/H3C_S3100-52P_CMW3.10.R1702P13_Release_Notes.pdf\nhttp://support.3com.com/documents/switches/4500/Switch_4500_V3.03.02p09_Release_Notes.pdf\n\n3Com H3C (LSOD09646)\nhttp://support.3com.com/documents/switches/4200G/Switch_4200G_V3.02.04_Release_Notes.pdf\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
},
{
"db": "BID",
"id": "40031"
},
{
"db": "PACKETSTORM",
"id": "89324"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "40031",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "39785",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-0811",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "89324",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
},
{
"db": "BID",
"id": "40031"
},
{
"db": "PACKETSTORM",
"id": "89324"
}
]
},
"id": "VAR-201005-0432",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
}
]
},
"last_update_date": "2022-05-17T01:48:47.283000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.7,
"url": "http://secunia.com/advisories/39785/"
},
{
"trust": 0.4,
"url": "http://support.3com.com/documents/h3c/switches/3100/h3c_s3100-52p_cmw3.10.r1702p13_release_notes.pdf"
},
{
"trust": 0.4,
"url": "http://support.3com.com/documents/switches/4200g/switch_4200g_v3.02.04_release_notes.pdf"
},
{
"trust": 0.4,
"url": "http://support.3com.com/documents/switches/4500/switch_4500_v3.03.02p09_release_notes.pdf"
},
{
"trust": 0.3,
"url": "http://www.3com.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
},
{
"db": "BID",
"id": "40031"
},
{
"db": "PACKETSTORM",
"id": "89324"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
},
{
"db": "BID",
"id": "40031"
},
{
"db": "PACKETSTORM",
"id": "89324"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0811"
},
{
"date": "2010-03-29T00:00:00",
"db": "BID",
"id": "40031"
},
{
"date": "2010-05-10T13:34:45",
"db": "PACKETSTORM",
"id": "89324"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0811"
},
{
"date": "2010-05-10T19:02:00",
"db": "BID",
"id": "40031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "40031"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple 3com H3C Device SSH Service Program Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0811"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "40031"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…