漏洞信息详情

N-Base交换机漏洞

• CNNVD编号：CNNVD-199807-025
• 危害等级： 超危
  
• CVE编号： CVE-1999-1420
• 漏洞类型： 其他
• 发布时间： 1998-07-20
• 威胁类型： 远程
• 更新时间： 2005-10-20
• 厂        商： n-base
• 漏洞来源： in a detailed advisory. A followup was posted on July 20, 1998 by Geoff Cummins .');">These vulnerabilit...

漏洞简介

NBase 交换机 NH2012、NH2012R、NH2015以及NH2048有一个不可关闭的非法途径密码，远程攻击者借此修改交换机的配置。

漏洞公告

Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins detailing the additional security features found in the updated software. They are as follows. set-full-sec enable (this disables the backdoor passwords) set-sw-file XXX (where XXX is the name you want to call your SNMP software update file) set-par-file XXX (where XXX is the name you want to call your parameters file) set-passwd (this will display a prompt to enter a new password) set-comm read XXX (where XXX is the new read community) set-comm write XXX (where XXX is the new write community) These steps should secure the mentioned MegaSwitch II configurations. For GigaFrame Switch NH3012 2.1 set-full-sec enabled set-sw-file XXX set-par-file XXX set-comm read XXX set-comm write XXX set-passwd del-user user (By default there are two users "super", and "user". "super" has supervisor priveldges, "user" is just a default. To secure the system, you should delete the "user" account.)

参考网址

来源: BID 名称: 212 链接:http://www.securityfocus.com/bid/212 来源: BUGTRAQ 名称: 19980722 N-Base Vulnerability Advisory Followup 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2 来源: BUGTRAQ 名称: 19980720 N-Base Vulnerability Advisory 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2

受影响实体

• N-Base Nh2048:1.33  
• N-Base Nh3012:2.1  
• N-Base Nh2012:2.53  
• N-Base Nh2012r:2.53  
• N-Base Nh2015:2.51  

补丁

暂无