N-Base交换机漏洞

漏洞信息详情

N-Base交换机漏洞

• CNNVD编号：CNNVD-199807-022
• 危害等级： 中危
  
  
• CVE编号：
  CVE-1999-1421
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1998-07-20
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  n-base
• 漏洞来源：
  These vulnerabilit…

Nbase交换机 NH208和NH215运行一个TFTP服务器，远程攻击者通过推测含默认名称的目标文件名，发送软件升级来修改交换机或者导致服务拒绝（崩溃）。

Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from
http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins detailing the additional security features found in the updated software. They are as follows.
set-full-sec enable (this disables the backdoor passwords)
set-sw-file XXX (where XXX is the name you want to call your SNMP software update file)
set-par-file XXX (where XXX is the name you want to call your parameters file)
set-passwd (this will display a prompt to enter a new password)
set-comm read XXX (where XXX is the new read community)
set-comm write XXX (where XXX is the new write community)
These steps should secure the mentioned MegaSwitch II configurations.
For GigaFrame Switch NH3012 2.1
set-full-sec enabled
set-sw-file XXX
set-par-file XXX
set-comm read XXX
set-comm write XXX
set-passwd
del-user user (By default there are two users “super”, and “user”. “super” has supervisor priveldges, “user” is just a default. To secure the system, you should delete the “user” account.)
@nbase.com>

来源: BID
名称: 212
链接:http://www.securityfocus.com/bid/212

来源: BUGTRAQ
名称: 19980722 N-Base Vulnerability Advisory Followup
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2

来源: BUGTRAQ
名称: 19980720 N-Base Vulnerability Advisory
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2