Re: [In]security in USR TotalSwitch

From: Adam Maloney (adamat_private)
Date: Mon Dec 21 1998 - 12:52:29 PST


    Normally I would've bought a Cisco switch, or a different 3com switch, but
    these guys were so cheap, I couldn't resist.
    
    I recently upgraded to the newest version of the firmware, and the
    vulnerability still exists.
    
    The version I'm using is 2.2, released on 10/30/97.  There is no mention of
    any newer version in their totalsupport download area.
    
    Where did you see the patch?  I can't find any mention of it.
    
    Thanks,
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                      Adam Maloney
                Systems  Administrator
                    Internet  Exposure
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    -----Original Message-----
    From: Lou Anschuetz <louat_private>
    To: BUGTRAQat_private <BUGTRAQat_private>
    Date: Monday, December 21, 1998 2:35 PM
    Subject: Re: [In]security in USR TotalSwitch
    
    
    >> I searched the archives, with no luck finding anything about this.
    >>
    >> Recently a bunch of USR TotalSwitch (chassis which takes 5 cards, 10 / 100 /
    >> fddi / whatever, and a network management card) units went up for auction,
    >> and I know a lot of people purchased them, hence my concern.
    >>
    >> The switch is manageable via snmp, telnet or a console port.  Using the
    >> management features, you can disable / enable certain ports, configure IP
    >> routes and such.  The management software allows you to set a password to
    >> access the switch (either by telnet or the console).
    >>
    >> Of course, there is a back-door so techs could reset or debug the unit if
    >> they didn't have the password.  Unfortunately, this backdoor is not limited
    >> to the console port like it should be.  It is possible to telnet to the
    >> switch, enter a "secret code" (which is readily available, for everyone's
    >> sake I won't give it out here) and do a memory dump to see the plaintext
    >> password.
    >>
    >> Solution:  3COM - limit this functionality to the console port ONLY.
    >> End-user - add an access list to filter telnet to your switch's IP address
    >> from outside your network.
    >>
    >> P.S. If anyone knows where to get the 100btx cards for this thing, please
    >> e-mail me!
    >>
    >> Regards,
    >>
    >3COM did put out a patch for this, though it was rather quietly -
    >it also affects all CoreBuilder switches. Fortunately, I only buy
    >un-managed 3COM stuff. Everything that is a switch (or above) is
    >Cisco.
    >
    >--
    >-
    >Lou Anschuetz, louat_private
    >Network Manager, ECE, Carnegie Mellon University
    >
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:27 PDT