[11623] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

One more 3Com SNMP vulnerability

daemon@ATHENA.MIT.EDU (Nerijus Krukauskas)
Wed Sep 1 03:15:57 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <37CA8A8E.AE336BBE@lbank.lt>
Date:         Mon, 30 Aug 1999 15:43:42 +0200
Reply-To: Nerijus Krukauskas <nkrukauskas@LBANK.LT>
From: Nerijus Krukauskas <nkrukauskas@LBANK.LT>
X-To:         Bugtraq mailing list <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Hi,

  It seems that 3Com does not pay much atention how its SNMP is
implemented. In 3Com SuperStack II hubs MIB there's an OID:
.1.3.6.1.4.1.43.10.4.2. Its name decodes to
.iso.org.dod.internet.private.enterprises.a3Com.generic.security.securityUserTable.
What You need to know that's read-only community and this OID will give you
entire table of communities (read-write and read-only).
  If somebody knows how to contact 3Com with such reports forward this info
to them. Half an hour exploring 3Com web site i found no e-mail's (not even
support@3com.com). Amazing...

--
Nerijus Krukauskas                   Bank of Lithuania
Division head                        IT department, Networking division
Tel. +370-2-680731                   Zirmunu 151
nkrukauskas@lbank.lt                 2012 Vilnius, Lithuania


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[11623] in bugtraq

One more 3Com SNMP vulnerability

daemon@ATHENA.MIT.EDU (Nerijus Krukauskas)Wed Sep 1 03:15:57 1999

daemon@ATHENA.MIT.EDU (Nerijus Krukauskas)
Wed Sep 1 03:15:57 1999