Wonderful weather we are having.
I have not much heard any of you since the VoIP Conference/Vendor
Showcase at the Biltmore. No trading remarks ( I thought it was election
fever there for a while!). There was also a fine D&H Reseller Dinner at the
Pacific Palms Resort, City of Industry the Friday following the VoIP event
close of Thus. Are you all happy to see smiley Mr. FCC with am approved BPL
rollout from Wahsington DC. (You Decide, or do They Decide?)
----- Original Message -----
From: "Oxygen3 24h-365d" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 19, 2004 7:09 AM
Subject: Oxygen3 24h-365d [Security problems in firewall 3Com OfficeConnec t
ADSL Wireless - 19/10/04]
"Each problem that I solved became a rule,
which served afterwards to solve other problems."
Ren� Descartes (1596-1650); French philosopher and mathematician.
- Security problems in firewall 3Com OfficeConnect ADSL Wireless -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, October 19, 2004 - According to SecurityTracker, multiple
vulnerabilities have been detected in 3Com OfficeConnect ADSL Wireless 11g
Firewall, which are corrected in a recent update released by 3Com (*).
These security flaws, which allow attacks to be launched against affected
computers, are:
- The device does not filter HTML code from DHCP requests before displaying
the information via the administrative interface. This could allow a remote
user to send a specially-crafted request in order to run arbitrary scripts
with the administrator rights, when the administrator reviews the log.
- A vulnerability that allows a remote user to connect to the management
interface to determine the IP address of any administrator that is currently
logged on. Then, an attacker could spoof the IP address and hijack the
connection.
- A security flaw that could allow any remote authenticated user
-regardless of their access level- or a remote user with the ability to
hijack an administrative session (as described above) to access the binary
file containing the configuration and obtain the administrator password and
WEP key.
(*) The update released by 3com is available at:
http://www.3com.com/products/en_US/result.jsp?selected=6&sort=effdt&sku=3CRW
E754G72-A&order=desc
NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.
------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner: 1) Downloader.GK; 2) Netsky.P; 3) Mabutu.A; 4)
Mhtredir.gen; 5) Gaobot.gen.
------------------------------------------------------------
To unsubscribe from Oxygen3 24h-365d, please visit:
http://www.pandasoftware.com/unsubscribe.asp
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
