[6708] in bugtraq
Re: 3Com switches - undocumented access level.
daemon@ATHENA.MIT.EDU (Aleph One)
Fri May 8 14:44:11 1998
Date: Fri, 8 May 1998 11:35:56 -0500
Reply-To: Aleph One <aleph1@nationwide.net>
From: Aleph One <aleph1@NATIONWIDE.NET>
To: BUGTRAQ@NETSPACE.ORG
This is a summary of a number of posts. Please, if you will be reporting
a system as vulnerable or not always include the software version you are
using.
Peter Mount <peter@maidstone.gov.uk> mentions that his LinkSwitch does
have the backdoor. His software version is:
-> version
VxWorks (for LinkSwitch 2000) version 5.0.2b.
Kernel: WIND version 2.0.
Made on Wed Dec 18 22:27:52 EST 1996.
Boot line:
pcmcia(0,0) f=0x20008
value = 33 = 0x21 = '!'
Riku Meskanen <mesrik@cc.jyu.fi> reports that the CellPlex 1000 doesn't
seem to have the tech user backdoor. He fails to mention the software
version.
Alan Cox <alan@lxorguk.ukuu.org.uk> mentions that when he worked for 3com
there was no useful security contacts. The also states that 3com is
divided into units. Each unit is very independent and will often use
different code bases. So a given problem is likely to hit one section of
3com products only.
Could someone check the following 3com products: Accessbuilder,
Netbuilder.
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
