
Preemptive Protection against 3COM Network Supervisor Directory Traversal Vulnerability

Attack ID: CPAI-2005-128
Publish Date:
Last Update:
Category: Directory Traversal
Vulnerable Systems: 3Com Corporation Network Supervisor 5.1 and prior versions
3Com Corporation Network Director versions 1.0 and 2.0
Source:

iDEFENSE Security Advisory 09.01.05

Description:

The 3Com Network Supervisor is a network management application that maps and displays network links and Internet-based devices. A directory traversal vulnerability exists in the 3Com Network Supervisor product. A remote attacker can view files on the vulnerable system by sending a specially crafted URL containing '../' sequences. This may enable an attacker to obtain sensitive information from the vulnerable system and use it to facilitate further attacks.

Severity:
Details:

The Network Supervisor runs an HTTP server that listens on port TCP/21700. This HTTP server does not properly sanitize user HTTP requests and accepts directory traversal sequences in request paths, so remote attackers may access files outside of the permitted directory structure.
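As an added example (not Check Point's or 3Com's code), the following check models what the Directory Traversal protection described in this advisory does on the defender's side: it percent-decodes a request path, normalizes it, and flags it when it climbs above the web root, scoped to the port the protected Web server object is configured on (21700/tcp). It goes slightly beyond the page by normalizing the path instead of matching the literal '../' substring, so a harmless in-root path such as /docs/../index.html is not flagged; the request lines and port set are constructed for the example.

```python
from urllib.parse import unquote, urlsplit

# Port the advisory says the Network Supervisor HTTP server listens on.
NETWORK_SUPERVISOR_PORT = 21700


def decode_path(raw_path: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e) are unwrapped too."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_web_root(raw_path: str) -> bool:
    """True if the decoded, normalized request path climbs above the document root."""
    path = decode_path(raw_path).replace("\\", "/")  # treat backslash as a separator too
    depth = 0  # how many real directory levels below the root we currently are
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if depth == 0:  # a '..' at the root escapes the permitted tree
                return True
            depth -= 1
        else:
            depth += 1
    return False


def inspect_request(request_line: str, dst_port: int,
                    protected_ports=frozenset({NETWORK_SUPERVISOR_PORT})) -> dict:
    """Classify one HTTP request line; 'blocked' mirrors the protection being applied
    only to the Web server object configured for port 21700/tcp."""
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else ""
    # Handle absolute-URI request targets and drop any query string before checking.
    path = urlsplit(target).path if "://" in target else target.split("?", 1)[0]
    traversal = escapes_web_root(path)
    return {"path": path, "traversal": traversal,
            "blocked": traversal and dst_port in protected_ports}


if __name__ == "__main__":
    # Constructed sample request lines, not captured traffic.
    for line, port in [("GET /index.html HTTP/1.1", 21700),
                       ("GET /../../secret.txt HTTP/1.0", 21700),
                       ("GET /%2e%2e/%2e%2e/secret.txt HTTP/1.1", 21700),
                       ("GET /docs/../index.html HTTP/1.1", 21700),
                       ("GET /../../secret.txt HTTP/1.0", 80)]:
        print(port, inspect_request(line, port))
```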


Attack Detection: Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra who have applied the solution outlined below, will identify attack attempts by the following SmartView Log entry:

Information: reason: WSE0090001 directory traversal overflow
Solution:

Users of VPN-1 NG with Application Intelligence R55W, users of Connectra and users of VPN-1 NGX R60 are preemptively protected against this vulnerability. The Web Intelligence Directory Traversal protection blocks specially crafted URLs containing '../' sequences.

To verify that you are protected:

1. Configure the Web server for which the protection is enabled to run on port 21700/tcp.
2. Verify that your Directory Traversal protection is enabled.

To configure a Web server on port 21700/tcp:

The Network Supervisor can be accessible via HTTP and listens on port TCP/21700. This means you will have to configure a Web server to run on this port prior to activating the Directory Traversal protection.

1. From the Network Objects tree in the SmartDashboard, right-click the Nodes icon.
2. From the Nodes menu, select New Node > Host.
3. Give the server a name and IP address; click Configure Servers and select the Web Server option; click OK.
4. Click the Web Server tab; under Server uses additional ports, enter 21700.
5. Click OK.

To verify that the Directory Traversal protection is enabled:

Users of R55W, R60:

1. On the Web Intelligence tree, click Application Layer > Directory Traversal.
2. In the Directory Traversal screen, click Apply to selected Web servers and add the host you have configured (see above).
3. Apply security policy to all modules.

Users of Connectra:

1. On the navigation tree, click Security > Web Intelligence.
2. In the Application Layer Protection pane, enable Directory Traversal.

Industry Reference: CAN-2005-2020
Additional Information: