[7330] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: N-Base Vulnerability Advisory

daemon@ATHENA.MIT.EDU (Geoff Cummins)
Tue Jul 21 14:27:16 1998

Date: 	Mon, 20 Jul 1998 22:48:02 -0700
Reply-To: Geoff Cummins <geoff@NBASE.COM>
From: Geoff Cummins <geoff@NBASE.COM>
To: BUGTRAQ@NETSPACE.ORG

Currently, supported switches with the following ROM updates do have real
fixes for password/tftp problems.

For MegaSwitch II:    Model           ROM
                      NH2012          2.54
                      NH2012R         2.54
                      NH2015          2.51
                      NH2048          1.33

With these configurations you can do the following to fix these problems.

set-full-sec enable  (this disables the backdoor passwords)

set-sw-file  XXX     (where XXX is the name you want to call your SNMP
                      software update file)

set-par-file XXX     (where XXX is the name you want to call your
                      parameters file)

set-passwd <return>  (this will display a prompt to enter a new password)

set-comm read XXX    (where XXX is the new read community)

set-comm write XXX   (where XXX is the new write community)

These steps should secure the mentioned MegaSwitch II configurations.

For GigaFrame Switch    NH3012          2.1

set-full-sec enabled

set-sw-file XXX

set-par-file XXX

set-comm read XXX

set-comm write XXX

set-passwd <return>

del-user user       (By default there are two users "super", and "user".
                     "super" has supervisor priveldges, "user" is just a
                     default.  To secure the system, you should delete
                     the "user" account.)


Geoff Cummins
geoff@nbase.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[7330] in bugtraq

Re: N-Base Vulnerability Advisory

daemon@ATHENA.MIT.EDU (Geoff Cummins)Tue Jul 21 14:27:16 1998

daemon@ATHENA.MIT.EDU (Geoff Cummins)
Tue Jul 21 14:27:16 1998