Bugtraq mailing list archives
3Com switches - undocumented access level.
From: monti () MAIL NETURAL COM (Eric Monti)
Date: Tue, 5 May 1998 12:33:09 -0500
I dont know if this is known or documented elsewhere but it took me by suprise, so here goes. The recent posts about the rcon user in quake servers have reminded me that I still havent heard back from 3Com about the following "feature". My experience has shown that switches are not as much missle chucking fun as quake, but that isnt to say you cant play games on one. <hyuk> PROBLEM: There appears to be a backdoor/undocumented "access level" in current (and possibly previous) versions of 3Com's "intelligent" and "extended" switching software for LanPlex/Corebuilder switches. In addition to the "admin", "read", and "write" accounts, there is a "debug" account with a password of "synnet" on shipped images (including those available for download from infodeli.3com.com). The versions of firmware this was tested under include 7.0.1 and 8.1.1. The debug account appears to have all the privileges of the admin account plus some "debug" commands not available to any other ID. IMPACT: If you allow "remote administration" (telnet access), well... yeah. FIX: Login to the switch with the debug/synnet combo and use the "system password" command to change this to something non-default. You wont be able to change the password using the admin account.
Current thread:
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Nick (May 01)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Mark Morgan (May 05)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER jtb (May 05)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Christian Antkow (May 05)
- 3Com switches - undocumented access level. Eric Monti (May 05)
- xterm and Xaw library vulnerability (XFree86 advisory) David Dawes (May 05)
- Re: xterm and Xaw library vulnerability (XFree86 advisory) David Dawes (May 06)
- Fix for Quake Servers dizzy (May 05)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Mark Morgan (May 05)