[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: One more 3Com SNMP vulnerability
From: Nerijus Krukauskas <nkrukauskas () LBANK ! LT>
Date: 1999-08-30 13:43:42
[Download RAW message or body]
Hi,
It seems that 3Com does not pay much atention how its SNMP is
implemented. In 3Com SuperStack II hubs MIB there's an OID:
.1.3.6.1.4.1.43.10.4.2. Its name decodes to
.iso.org.dod.internet.private.enterprises.a3Com.generic.security.securityUserTable.
What You need to know that's read-only community and this OID will give you
entire table of communities (read-write and read-only).
If somebody knows how to contact 3Com with such reports forward this info
to them. Half an hour exploring 3Com web site i found no e-mail's (not even
support@3com.com). Amazing...
--
Nerijus Krukauskas Bank of Lithuania
Division head IT department, Networking division
Tel. +370-2-680731 Zirmunu 151
nkrukauskas@lbank.lt 2012 Vilnius, Lithuania
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic