[11667] in bugtraq
Re: One more 3Com SNMP vulnerability
daemon@ATHENA.MIT.EDU (Peter Hicks)
Fri Sep 3 14:25:23 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000b01bef47a$307c42f0$7204b40a@pearsontv.com>
Date: Wed, 1 Sep 1999 14:00:40 +0100
Reply-To: Peter Hicks <Peter.Hicks@POGGS.CO.UK>
From: Peter Hicks <Peter.Hicks@POGGS.CO.UK>
X-To: Nerijus Krukauskas <nkrukauskas@LBANK.LT>
To: BUGTRAQ@SECURITYFOCUS.COM
Hi there
I'm running version 3.17 firmware on the SSII Hub 10's here, and the
securityUserTable is only visible if you use a read-write community string.
Peter.
----- Original Message -----
From: Nerijus Krukauskas <nkrukauskas@LBANK.LT>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: 30 August 1999 14:43
Subject: One more 3Com SNMP vulnerability
> Hi,
>
> It seems that 3Com does not pay much atention how its SNMP is
> implemented. In 3Com SuperStack II hubs MIB there's an OID:
> .1.3.6.1.4.1.43.10.4.2. Its name decodes to
>
.iso.org.dod.internet.private.enterprises.a3Com.generic.security.securityUse
rTable.
> What You need to know that's read-only community and this OID will give
you
> entire table of communities (read-write and read-only).
> If somebody knows how to contact 3Com with such reports forward this
info
> to them. Half an hour exploring 3Com web site i found no e-mail's (not
even
> support@3com.com). Amazing...
>
> --
> Nerijus Krukauskas Bank of Lithuania
> Division head IT department, Networking division
> Tel. +370-2-680731 Zirmunu 151
> nkrukauskas@lbank.lt 2012 Vilnius, Lithuania
>
>
