Bugtraq mailing list archives
Re: One more 3Com SNMP vulnerability
From: fred () VIA ECP FR (fred () VIA ECP FR)
Date: Thu, 2 Sep 1999 13:06:47 -0000
Hi all, Well spotted. To be more accurate, this bug can be found on 3Com SuperStack II Port Switch Hubs running software version 2.10. The bug disappeared from version 2.12. New software versions are available at http://support.3com.com/software/superstack_ii_ps_hub_40_fil es.htm Arnaud Bienvenu. -- Hi, It seems that 3Com does not pay much atention how its SNMP is implemented. In 3Com SuperStack II hubs MIB there's an OID: .1.3.6.1.4.1.43.10.4.2. Its name decodes to .iso.org.dod.internet.private.enterprises.a3Com.generic.secu rity.securityUserTable. What You need to know that's read-only community and this OID will give you entire table of communities (read-write and read-only). If somebody knows how to contact 3Com with such reports forward this info to them. Half an hour exploring 3Com web site i found no e-mail's (not even <A HREF="mailto:support () 3com com">support () 3com com</A>). Amazing... -- Nerijus Krukauskas Bank of Lithuania Division head IT department, Networking division Tel. +370-2-680731 Zirmunu 151 <A HREF="mailto:nkrukauskas () lbank lt">nkrukauskas () lbank lt</A> 2012 Vilnius, Lithuania
Current thread:
- One more 3Com SNMP vulnerability Nerijus Krukauskas (Aug 30)
- Re: One more 3Com SNMP vulnerability Peter Hicks (Sep 01)
- Re: One more 3Com SNMP vulnerability fred () VIA ECP FR (Sep 02)
- NMRC Advisory: HackerShield on Windows NT Simple Nomad (Sep 14)
- Sega Dreamcast Web Browser Email Security Issue HIGH TIMES (Sep 14)