[SA22818] 3Com SuperStack 3 Switch 4400 Information Disclosure

TITLE:
3Com SuperStack 3 Switch 4400 Information Disclosure

SECUNIA ADVISORY ID:
SA22818

VERIFY ADVISORY:
http://secunia.com/advisories/22818/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
>From local network

OPERATING SYSTEM:
3Com SuperStack 3 Switch 4400 Family
http://secunia.com/product/450/

DESCRIPTION:
A security issue has been reported in the 3Com SuperStack 3 Switch
4400 family, which can be exploited by malicious people to gain
knowledge of sensitive information.

The problem is caused due to an error in the handling of certain
management packets, which may cause the network device to disclose
the SNMP Read-Write community string.

This can further be exploited to perform various actions on the
switch including disabling of ports or reconfiguration of the VLAN.

Successful exploitation requires access to the management VLAN.

The security issue is reported in 3Com SS3 4400/4400PWR/4400SE/4400FX
firmware versions 5.11, 6.00, and 6.10 or prior.

SOLUTION:
An update is reportedly available for customers with a software
maintenance agreement or via the 3Com Partner Access site.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Andrew Brennan.

ORIGINAL ADVISORY:
http://www.3com.com/securityalert/alerts/3COM-06-004.html

---

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.