TITLE:
3Com SuperStack 3 Switch 4400 Information Disclosure
SECUNIA ADVISORY ID:
SA22818
VERIFY ADVISORY:
http://secunia.com/advisories/22818/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From local network
OPERATING SYSTEM:
3Com SuperStack 3 Switch 4400 Family
http://secunia.com/product/450/
DESCRIPTION:
A security issue has been reported in the 3Com SuperStack 3 Switch
4400 family, which can be exploited by malicious people to gain
knowledge of sensitive information.
The problem is caused due to an error in the handling of certain
management packets, which may cause the network device to disclose
the SNMP Read-Write community string.
This can further be exploited to perform various actions on the
switch including disabling of ports or reconfiguration of the VLAN.
Successful exploitation requires access to the management VLAN.
The security issue is reported in 3Com SS3 4400/4400PWR/4400SE/4400FX
firmware versions 5.11, 6.00, and 6.10 or prior.
SOLUTION:
An update is reportedly available for customers with a software
maintenance agreement or via the 3Com Partner Access site.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Andrew Brennan.
ORIGINAL ADVISORY:
http://www.3com.com/securityalert/alerts/3COM-06-004.html
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.