Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 3Com switches - undocumented access level.

From: aleph1 () nationwide net (Aleph One)
Date: Fri, 8 May 1998 11:35:56 -0500

This is a summary of a number of posts. Please, if you will be reporting
a system as vulnerable or not always include the software version you are
using.

Peter Mount <peter () maidstone gov uk> mentions that his LinkSwitch does
have the backdoor. His software version is:

-> version
VxWorks (for LinkSwitch 2000) version 5.0.2b.
Kernel: WIND version 2.0.
Made on Wed Dec 18 22:27:52 EST 1996.
Boot line:
pcmcia(0,0) f=0x20008
value = 33 = 0x21 = '!'

Riku Meskanen <mesrik () cc jyu fi> reports that the CellPlex 1000 doesn't
seem to have the tech user backdoor. He fails to mention the software
version.

Alan Cox <alan () lxorguk ukuu org uk> mentions that when he worked for 3com
there was no useful security contacts. The also states that 3com is
divided into units. Each unit is very independent and will often use
different code bases. So a given problem is likely to hit one section of
3com products only.

Could someone check the following 3com products: Accessbuilder,
Netbuilder.

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
Previous By Date Next
Previous By Thread Next

Current thread: