mailing list archives
Re: 3Com switches - undocumented access level.)
From: aleph1 () NATIONWIDE NET (Aleph One)
Date: Sun, 10 May 1998 14:41:37 -0500
Summary of multiple posts on the subject:
Riku Meskanen <mesrik () cc jyu fi>
- login: debug
- password: synnet
LinkSwitch 2700, SuperStack 2700, CellPlex 7000
- login: tech
- password: tech
SuperStack II 1000 ja SuperStack II 3000
- login: monitor
- password: monitor
Joel Moses <jmoses () dttus com>
CoreBuilder 7000-series has the problem. It is safe to change that
password on this model. Please note that if you have multiple management
cards, each one will have the password enabled.
Philippe Regnauld <regnauld () deepo prosa dk>
Netbuilder 2xx (v. SW/NBRO-AB,9.1): Nothing so far.
James Robertson <james () hal utmb edu>
I have checked Netbulder Version 8.4 up to 10.1. None of these versions
have a backdoor that I know of. I also scanned the boot images for any
hints, none found so far.
Also, Superstack II Switch 1100, 3000, 3300 do not have the 'tech'
backdoor nor does a scan of the boot image show any hints of the same.
There is another way to gain access to a Netbuilder. All 3Com Netbuilders
support a remote command. The remote command comes with RBCS ( Remote Boot
and Configuration Services ) and Transcend Management Suite.
If you are root on a Netbuilder and know the address of someone elses
Netbuilder you can remote to their Netbuiler from yours and gain root
Under System Options, Limit remote access connections to a single station
or single subnet.
SHow -SYS RemoteManager
Remote-In allowed from the following addresses:
Adam Spiers <adam () thelonious new ox ac uk>
My LANplex 2500 seems vulnerable:
LANplex 2500 (rev 6.20) - System ID 049bff
Software version 4.3.0-7 - Built 11/10/95 03:49:46 PM
The debug user id is clearly visible in an ASCII dump of the 4.3.0-20
image downloadable from ftp.3com.com.
- Re: 3Com switches - undocumented access level.) Aleph One (May 10)