N-Base交换机漏洞

漏洞信息详情

N-Base交换机漏洞

• CNNVD编号：CNNVD-199807-025
• 危害等级： 超危
  
  
• CVE编号：
  CVE-1999-1420
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1998-07-20
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  n-base
• 漏洞来源：
  These vulnerabilit…

NBase 交换机 NH2012、NH2012R、NH2015以及NH2048有一个不可关闭的非法途径密码，远程攻击者借此修改交换机的配置。

Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from
http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins detailing the additional security features found in the updated software. They are as follows.
set-full-sec enable (this disables the backdoor passwords)
set-sw-file XXX (where XXX is the name you want to call your SNMP software update file)
set-par-file XXX (where XXX is the name you want to call your parameters file)
set-passwd (this will display a prompt to enter a new password)
set-comm read XXX (where XXX is the new read community)
set-comm write XXX (where XXX is the new write community)
These steps should secure the mentioned MegaSwitch II configurations.
For GigaFrame Switch NH3012 2.1
set-full-sec enabled
set-sw-file XXX
set-par-file XXX
set-comm read XXX
set-comm write XXX
set-passwd
del-user user (By default there are two users “super”, and “user”. “super” has supervisor priveldges, “user” is just a default. To secure the system, you should delete the “user” account.)
@nbase.com>

来源: BID
名称: 212
链接:http://www.securityfocus.com/bid/212

来源: BUGTRAQ
名称: 19980722 N-Base Vulnerability Advisory Followup
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2

来源: BUGTRAQ
名称: 19980720 N-Base Vulnerability Advisory
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2