N-Base Switch Vulnerability

Solution:
Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins <geoff@NBASE.com> detailing the additional security features found in the updated software. They are as follows.

set-full-sec enable (this disables the backdoor passwords)

set-sw-file XXX (where XXX is the name you want to call your SNMP software update file)

set-par-file XXX (where XXX is the name you want to call your parameters file)

set-passwd <return> (this will display a prompt to enter a new password)

set-comm read XXX (where XXX is the new read community)

set-comm write XXX (where XXX is the new write community)

These steps should secure the mentioned MegaSwitch II configurations.

For GigaFrame Switch NH3012 2.1

set-full-sec enabled

set-sw-file XXX

set-par-file XXX

set-comm read XXX

set-comm write XXX

set-passwd <return>

del-user user (By default there are two users "super", and "user". "super" has supervisor priveldges, "user" is just a default. To secure the system, you should delete the "user" account.)



 

Privacy Statement
Copyright 2010, SecurityFocus