The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of 3Com Super Stack Switch

computer vulnerability announce CVE-2012-3268

HP/3Com Switch, Router: password disclosure via SNMP

Synthesis of the vulnerability

An attacker can use the SNMP service to obtain the passwords of local users on HP/3Com switches/routers.
Impacted products: NETBuilder II, Super Stack PS Hub, Super Stack Switch, ProCurve Switch.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: intranet client.
Creation date: 23/10/2012.
Revision date: 24/10/2012.
Identifiers: BID-56183, c03515685, CERTA-2012-AVI-604, CVE-2012-3268, HPSBHF02819, SSRT100920, VIGILANCE-VUL-12087, VU#225404.

Description of the vulnerability

The SNMP service is used to remotely administer a device. Data is stored in MIBs.

The h3c-user.mib and hh3c-user.mib MIBs contain an h3cUserInfoEntry sequence with the following fields:
 - h3cUserName
 - h3cUserPassword (cleartext or hashed)
 - h3cAuthMode
 - h3cUserLevel

Access to this data should be restricted to communities with the read/write privilege. However, on HP/3Com equipment, a read-only community (such as "public", which is enabled by default) can read this authentication data.

An attacker can therefore use the SNMP service to obtain the passwords of local users on HP/3Com switches/routers.

vulnerability bulletin CVE-2006-5382

3Com SS3 4400: obtaining the SNMP community string

Synthesis of the vulnerability

An attacker in the management VLAN can obtain the SNMP community string.
Impacted products: Super Stack Switch.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 30/10/2006.
Identifiers: 3COM-06-004, CERTA-2006-AVI-493, CVE-2006-5382, VIGILANCE-VUL-6263.

Description of the vulnerability

The SNMP community string is used for authentication on the switch.

An unauthenticated attacker located in the management VLAN can query the switch in a way that makes it return the community string.

This vulnerability therefore permits a VLAN attacker to administer the switch.

computer vulnerability announce 4237

Denial of service on 3Com SuperStack 3 switches

Synthesis of the vulnerability

An attack on the HTTP port can cause a denial of service.
Impacted products: Super Stack Switch.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: intranet client.
Creation date: 28/06/2004.
Identifiers: BID-10601, V6-3COMSSTACK3HTTPDOS, VIGILANCE-VUL-4237.

Description of the vulnerability

3Com SuperStack 3 switches have an administration web server.

When an attack is carried out on port 80, the switch reboots.

The technical details of the attack are not known.

computer vulnerability bulletin CVE-2002-0013 CVE-2002-0053

Multiple vulnerabilities in SNMP requests

Synthesis of the vulnerability

By sending malicious requests, an attacker can trigger vulnerabilities in devices.
Impacted products: Super Stack PS Hub, Super Stack Switch, IPSO, Cisco Access Server, Cisco Cache Engine, Cisco Catalyst, Cisco CSS, IOS by Cisco, Cisco Router, Cisco VPN Concentrator, WebNS, Debian, FreeBSD, MPE/iX, OpenView, OpenView Operations, Tru64 UNIX, HP-UX, AIX, Domino, Mandriva Linux, Windows 2000, Windows 95, Windows 98, Windows NT, Windows XP, Net-SNMP, Netware, openSUSE, Oracle DB, Oracle Directory Server, Oracle iPlanet Web Proxy Server, Solaris, Trusted Solaris, SNMP protocol, RedHat Linux, OpenLinux.
Severity: 3/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/02/2002.
Revision dates: 14/02/2002, 15/02/2002, 18/02/2002, 19/02/2002, 20/02/2002, 21/02/2002, 22/02/2002, 25/02/2002, 26/02/2002, 27/02/2002, 28/02/2002, 04/03/2002, 05/03/2002, 06/03/2002, 07/03/2002, 14/03/2002, 18/03/2002, 21/03/2002, 29/03/2002, 03/04/2002, 04/04/2002, 08/04/2002, 09/04/2002, 11/04/2002, 15/04/2002, 18/04/2002, 19/04/2002, 25/04/2002, 29/04/2002, 14/05/2002, 17/05/2002, 05/06/2002, 07/06/2002, 10/06/2002, 19/06/2002, 11/07/2002, 22/07/2002, 09/08/2002, 12/08/2002, 28/08/2002, 10/09/2002, 20/02/2003, 24/10/2003.
Identifiers: 20020201-01-P, 20020213a, 20020404-01-P, BID-4089, BID-4132, BID-4140, BID-4168, BID-4590, BID-4732, BID-5043, BID-8881, BID-8882, CA-2002-03, CERTA-2002-AVI-033, CERTA-2002-AVI-034, CERTA-2002-AVI-038, CERTA-2002-AVI-069, CERTA-2002-AVI-125, CERTA-2002-AVI-174, CIAC M-042, CISCO20020212, CISCO20020225, Compaq SSRT0799, CSSA-2002-004, CSSA-2002-004.1, CVE-2002-0013, CVE-2002-0053, DSA-111, DSA-111-2, FreeBSD-SA-02:11, HP184, HPMPE15, ISS0110, ISS 110, IY17630, IY20943, M-042, MDKSA-2002:014, MS02-006, Netscreen 20020213a, Novell TID 2002-2961546, ORACLE030, Q314147, RHSA-2001:163, RHSA-2002:088, Security Alert 30, SGI 20020201, SGI 20020404, SSRT0799, Sun #00215, Sun 215, Sun Alert 42769, Sun Alert 43365, Sun Alert 43704, Sun Alert 43985, Sun Alert 44605, Sun Alert 46343, Sun Alert 57404, Sun Alert ID 42769, Sun Alert ID 43365, Sun Alert ID 43704, Sun Alert ID 43985, Sun Alert ID 44605, Sun Alert ID 46343, Sun Alert ID 57404, Sun BugID 4425460, Sun BugID 4563124, Sun BugID 4637910, Sun BugID 4640046, Sun BugID 4641068, Sun BugID 4641295, Sun BugID 4643692, Sun BugID 4648503, Sun BugID 4655355, SUSE-SA:2002:012, TID 2961546, TN 191059, V6-SNMPREQMULVULN, VIGILANCE-VUL-2268, VU#854306.

Description of the vulnerability

The SNMP protocol is used to obtain information from devices or to administer them remotely. Version 1 of this protocol relies on five packet types:
 - GetRequest: requests information
 - GetNextRequest: requests information in sequence
 - GetResponse: returns the requested value
 - SetRequest: sets a variable
 - Trap: sends an alert
The first four types use port 161/udp. Traps use port 162/udp.

A study was conducted on numerous devices and revealed numerous vulnerabilities in the implementations of SNMP requests. The affected types are:
 - GetRequest
 - GetNextRequest
 - SetRequest

A remote attacker can therefore send malicious UDP packets to port 161 in order to cause:
 - buffer overflows
 - format string attacks
 - etc.
These can have various impacts:
 - obtaining administrator rights
 - denial of service
 - abnormal device behavior
 - etc.

Some of these attacks require correct community strings, while others can be carried out anonymously.

computer vulnerability note CVE-2002-0012 CVE-2002-0053

Multiple vulnerabilities in SNMP traps

Synthesis of the vulnerability

By sending malicious trap packets, an attacker can trigger vulnerabilities in devices.
Impacted products: Super Stack PS Hub, Super Stack Switch, IPSO, Cisco Access Server, Cisco Cache Engine, Cisco Catalyst, Cisco CSS, IOS by Cisco, Cisco Router, Cisco VPN Concentrator, WebNS, Debian, FreeBSD, MPE/iX, OpenView, OpenView Operations, Tru64 UNIX, HP-UX, AIX, Domino, Mandriva Linux, Windows 2000, Windows 95, Windows 98, Windows NT, Windows XP, Net-SNMP, Netware, openSUSE, Oracle DB, Oracle Directory Server, Oracle iPlanet Web Proxy Server, Solaris, Trusted Solaris, SNMP protocol, RedHat Linux, OpenLinux.
Severity: 3/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/02/2002.
Revision dates: 14/02/2002, 15/02/2002, 18/02/2002, 19/02/2002, 20/02/2002, 22/02/2002, 25/02/2002, 26/02/2002, 27/02/2002, 28/02/2002, 04/03/2002, 05/03/2002, 06/03/2002, 07/03/2002, 14/03/2002, 18/03/2002, 21/03/2002, 03/04/2002, 04/04/2002, 08/04/2002, 09/04/2002, 11/04/2002, 15/04/2002, 18/04/2002, 19/04/2002, 25/04/2002, 29/04/2002, 17/05/2002, 05/06/2002, 07/06/2002, 19/06/2002, 11/07/2002, 28/08/2002, 10/09/2002.
Identifiers: 20020201-01-P, 20020213a, 20020404-01-P, BID-4088, BID-4132, BID-4140, BID-4168, BID-4203, BID-4590, BID-5043, CA-2002-03, CERTA-2002-AVI-033, CERTA-2002-AVI-034, CERTA-2002-AVI-038, CERTA-2002-AVI-069, CERTA-2002-AVI-125, CIAC M-042, CISCO20020212, CISCO20020225, Compaq SSRT0799, CSSA-2002-004, CSSA-2002-004.1, CVE-2002-0012, CVE-2002-0053, DSA-111, DSA-111-2, FreeBSD-SA-02:11, HP184, HPMPE15, IBM-APAR-IY17630, IBM-APAR-IY20943, ISS0110, ISS 110, IY17630, IY20943, M-042, MDKSA-2002:014, MS02-006, Netscreen 20020213a, Novell TID 2002-2961546, ORACLE030, Q314147, RHSA-2001:163, RHSA-2002:088, Security Alert 30, SGI 20020201, SGI 20020404, SSRT0799, Sun Alert 43985, Sun Alert ID 43985, Sun BugID 4425460, Sun BugID 4643692, Sun BugID 4648503, SUSE-SA:2002:012, TID 2961546, TN 191059, V6-SNMPTRAPMULVULN, VIGILANCE-VUL-2269, VU#107186.

Description of the vulnerability

The SNMP protocol is used to obtain information from devices or to administer them remotely. Version 1 of this protocol relies on five packet types:
 - GetRequest: requests information
 - GetNextRequest: requests information in sequence
 - GetResponse: returns the requested value
 - SetRequest: sets a variable
 - Trap: sends an alert
The first four types use port 161/udp. Traps use port 162/udp.

A study was conducted on numerous devices and revealed numerous vulnerabilities in the implementations of SNMP traps.

A remote attacker can therefore send malicious UDP packets to port 162 in order to cause:
 - buffer overflows
 - format string attacks
 - etc.
These can have various impacts:
 - obtaining administrator rights
 - denial of service
 - abnormal device behavior
 - etc.