Bugtraq mailing list archives

Re: One more 3Com SNMP vulnerability


From: Peter.Hicks () POGGS CO UK (Peter Hicks)
Date: Wed, 1 Sep 1999 14:00:40 +0100


Hi there

I'm running version 3.17 firmware on the SSII Hub 10's here, and the
securityUserTable is only visible if you use a read-write community string.

Peter.

----- Original Message -----
From: Nerijus Krukauskas <nkrukauskas () LBANK LT>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: 30 August 1999 14:43
Subject: One more 3Com SNMP vulnerability

Hi,

  It seems that 3Com does not pay much attention to how its SNMP is
implemented. In the 3Com SuperStack II hubs' MIB there's an OID:
.1.3.6.1.4.1.43.10.4.2. Its name decodes to

.iso.org.dod.internet.private.enterprises.a3Com.generic.security.securityUserTable.

What you need to know is the read-only community, and this OID will give
you the entire table of communities (read-write and read-only).
  If somebody knows how to contact 3Com with such reports, forward this
info to them. In half an hour exploring the 3Com web site I found no
e-mails (not even support () 3com com). Amazing...

--
Nerijus Krukauskas                   Bank of Lithuania
Division head                        IT department, Networking division
Tel. +370-2-680731                   Zirmunu 151
nkrukauskas () lbank lt                 2012 Vilnius, Lithuania
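
Added example (not part of either message, and not 3Com code): a passive check that a monitoring sensor could run over captured SNMPv1/v2c datagrams to report which community string is being used against the securityUserTable subtree named above. The function names and the sample datagram are constructed for illustration.

```python
SECURITY_USER_TABLE = (1, 3, 6, 1, 4, 1, 43, 10, 4, 2)  # OID quoted in the post
# Constructed sample: GetNextRequest, community "public", for the OID above.
SAMPLE = bytes.fromhex(
    "3027" "020100" "0406" "7075626c6963" "a11a" "020101" "020100" "020100"
    "300f" "300d" "0609" "2b060104012b0a0402" "0500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos:pos + 2]             # ValueError if the header is cut off
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode BER OID contents into a tuple of arcs."""
    arcs, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first, *rest = arcs                        # ValueError if the OID is empty
    top = min(first // 40, 2)                  # first two arcs share one value
    return (top, first - 40 * top, *rest)

def check_datagram(packet):
    """Return (community, OIDs in the datagram that fall under the table)."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _, pos = read_tlv(msg, 0)               # version
    _, community, pos = read_tlv(msg, pos)
    _, pdu, _ = read_tlv(msg, pos)             # request or response PDU
    pos = 0
    for _ in range(3):                         # request-id and two integers
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    hits, pos = [], 0
    while pos < len(varbinds):
        _, varbind, pos = read_tlv(varbinds, pos)
        oid = decode_oid(read_tlv(varbind, 0)[1])
        if oid[:len(SECURITY_USER_TABLE)] == SECURITY_USER_TABLE:
            hits.append(".".join(map(str, oid)))
    return community.decode("latin-1"), hits
```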



