Bugtraq mailing list archives
One more 3Com SNMP vulnerability
From: nkrukauskas () LBANK LT (Nerijus Krukauskas)
Date: Mon, 30 Aug 1999 15:43:42 +0200
Hi, It seems that 3Com does not pay much atention how its SNMP is implemented. In 3Com SuperStack II hubs MIB there's an OID: .1.3.6.1.4.1.43.10.4.2. Its name decodes to .iso.org.dod.internet.private.enterprises.a3Com.generic.security.securityUserTable. What You need to know that's read-only community and this OID will give you entire table of communities (read-write and read-only). If somebody knows how to contact 3Com with such reports forward this info to them. Half an hour exploring 3Com web site i found no e-mail's (not even support () 3com com). Amazing... -- Nerijus Krukauskas Bank of Lithuania Division head IT department, Networking division Tel. +370-2-680731 Zirmunu 151 nkrukauskas () lbank lt 2012 Vilnius, Lithuania
Current thread:
- One more 3Com SNMP vulnerability Nerijus Krukauskas (Aug 30)
- Re: One more 3Com SNMP vulnerability Peter Hicks (Sep 01)
- Re: One more 3Com SNMP vulnerability fred () VIA ECP FR (Sep 02)
- NMRC Advisory: HackerShield on Windows NT Simple Nomad (Sep 14)
- Sega Dreamcast Web Browser Email Security Issue HIGH TIMES (Sep 14)