Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: N-Base Vulnerability Advisory

From: geoff () NBASE COM (Geoff Cummins)
Date: Mon, 20 Jul 1998 22:48:02 -0700

Currently, supported switches with the following ROM updates do have real
fixes for password/tftp problems.

For MegaSwitch II:    Model           ROM
                      NH2012          2.54
                      NH2012R         2.54
                      NH2015          2.51
                      NH2048          1.33

With these configurations you can do the following to fix these problems.

set-full-sec enable  (this disables the backdoor passwords)

set-sw-file  XXX     (where XXX is the name you want to call your SNMP
                      software update file)

set-par-file XXX     (where XXX is the name you want to call your
                      parameters file)

set-passwd <return>  (this will display a prompt to enter a new password)

set-comm read XXX    (where XXX is the new read community)

set-comm write XXX   (where XXX is the new write community)

These steps should secure the mentioned MegaSwitch II configurations.

For GigaFrame Switch    NH3012          2.1

set-full-sec enabled

set-sw-file XXX

set-par-file XXX

set-comm read XXX

set-comm write XXX

set-passwd <return>

del-user user       (By default there are two users "super", and "user".
                     "super" has supervisor priveldges, "user" is just a
                     default.  To secure the system, you should delete
                     the "user" account.)


Geoff Cummins
geoff () nbase com
Previous By Date Next
Previous By Thread Next

Current thread: