|
|
N-Base Switch Vulnerability
Solution: Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins <geoff@NBASE.com> detailing the additional security features found in the updated software. They are as follows. set-full-sec enable (this disables the backdoor passwords) set-sw-file XXX (where XXX is the name you want to call your SNMP software update file) set-par-file XXX (where XXX is the name you want to call your parameters file) set-passwd <return> (this will display a prompt to enter a new password) set-comm read XXX (where XXX is the new read community) set-comm write XXX (where XXX is the new write community) These steps should secure the mentioned MegaSwitch II configurations. For GigaFrame Switch NH3012 2.1 set-full-sec enabled set-sw-file XXX set-par-file XXX set-comm read XXX set-comm write XXX set-passwd <return> del-user user (By default there are two users "super", and "user". "super" has supervisor priveldges, "user" is just a default. To secure the system, you should delete the "user" account.) |
|
Privacy Statement |