[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: 3Com switches - undocumented access level.]



It is remote access - via telnet!

Rabid Wombat wrote:
> 
> Since you didn't specify the method of access. it is hard to determine if
> this is a large security hole. Most equipment can be rebooted and brought
> up without a password IF you have local access. For example, Cisco routers
> can be brought up without password simply by specifying the starting
> address of the load file, but you have to be at the local console to do
> this.
> 
> UNIX systems can be brought up w/o password in single-user mode, if you
> have local access. Yes, there are firmware passwords to guard against
> this on many systems, but one can always swap up the eeprom, etc.
> 
> I'd only be worried about the 3Com backdoor if it can be used remotely.
> Got any details?
> 
> -r.w.

-- 

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|[email protected]|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================