3Com® CoreBuilder and SuperStack II LAN Vulnerabilities
INFORMATION BULLETIN
I-052: 3Com® CoreBuilder and SuperStack II LAN Vulnerabilities
May 20, 1998 16:00 GMT
PROBLEM: 3Com® CoreBuilder and SuperStack II LAN switches may be
vulnerable to security breaches caused by unauthorized access
via special logins.
DAMAGE: By exploiting this vulnerability, remote users may gain
unauthorized access to switch configuration information.
SOLUTION: Perform the recommended password changes detailed in this
advisory.
VULNERABILITY ASSESSMENT: Exploit information involving this vulnerability has
been made publicly available.
[Start 3Com® Advisory]
3Com® Security Advisory for CoreBuilder and SuperStack II Customers
3Com is issuing a security advisory affecting select CoreBuilder LAN
switches and SuperStack II Switch products. This is in response to the
widespread distribution of special logins intended for service and
recovery procedures issued only by 3Com's Customer Service Organization
under conditions of extreme emergency, such as in the event of a
customer losing passwords.
Due to this disclosure some 3Com switching products may be vulnerable to
security breaches caused by unauthorized access via special logins.
To address these issues, customers should immediately log in to their
switches via the following usernames and passwords. They should then
proceed to change the password via the appropriate Password parameter
to prevent unauthorized access.
CoreBuilder 6000/2500 - username: debug password: synnet
CoreBuilder 7000 - username: tech password: tech
SuperStack II Switch 2200 - username: debug password: synnet
SuperStack II Switch 2700 - username: tech password: tech
The CoreBuilder 3500, SuperStack II Switch 3900 and 9300 also have these
mechanisms, but the special login password is changed to match the admin
level password when the admin level password is changed.
Customers should also immediately change the SNMP Community string from the
default to a proprietary and confidential identifier known only to authorized
network management staff. This is due to the fact that the admin password is
available through a specific proprietary MIB variable when accessed through
the read/write SNMP community string.
This issue applies only to the CoreBuilder 2500/6000/3500 and SuperStack II
Switch 2200/3900/9300.
Fixed versions of software will be available from 3Com for all of these
products by Wednesday 20th May 1998.
General administration of these systems should still be performed through
the normal documented usernames and passwords. Other facilities found under
these special logins are for diagnostic purposes and should only be used
under specific guidance from 3Com's Customer Service Organization.
For more information 3Com has dedicated a hotline at 1-888-225-1733, or you
can contact your local 3Com Customer Service location.
[End 3Com® Advisory]
CIAC wishes to acknowledge the contributions of 3Com® for the information
contained in this bulletin.
DOE-CIRC can be contacted at:
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/