CVE-1999-1421
CVSS6.4
发布时间 :1998-07-20 00:00:00
修订时间 :2016-10-17 22:04:19
NMCO    

[原文]NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.


[CNNVD]N-Base交换机漏洞(CNNVD-199807-022)

        Nbase交换机 NH208和NH215运行一个TFTP服务器,远程攻击者通过推测含默认名称的目标文件名,发送软件升级来修改交换机或者导致服务拒绝(崩溃)。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/h:n-base:nh208
cpe:/h:n-base:nh215

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1421
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1421
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199807-022
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=90221104526016&w=2
(UNKNOWN)  BUGTRAQ  19980720 N-Base Vulnerability Advisory
http://marc.info/?l=bugtraq&m=90221104526065&w=2
(UNKNOWN)  BUGTRAQ  19980722 N-Base Vulnerability Advisory Followup
http://www.securityfocus.com/bid/212
(UNKNOWN)  BID  212

- 漏洞信息

N-Base交换机漏洞
中危 其他
1998-07-20 00:00:00 2005-10-20 00:00:00
远程  
        Nbase交换机 NH208和NH215运行一个TFTP服务器,远程攻击者通过推测含默认名称的目标文件名,发送软件升级来修改交换机或者导致服务拒绝(崩溃)。

- 公告与补丁

        Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from
        http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins detailing the additional security features found in the updated software. They are as follows.
        set-full-sec enable (this disables the backdoor passwords)
        set-sw-file XXX (where XXX is the name you want to call your SNMP software update file)
        set-par-file XXX (where XXX is the name you want to call your parameters file)
        set-passwd (this will display a prompt to enter a new password)
        set-comm read XXX (where XXX is the new read community)
        set-comm write XXX (where XXX is the new write community)
        These steps should secure the mentioned MegaSwitch II configurations.
        For GigaFrame Switch NH3012 2.1
        set-full-sec enabled
        set-sw-file XXX
        set-par-file XXX
        set-comm read XXX
        set-comm write XXX
        set-passwd
        del-user user (By default there are two users "super", and "user". "super" has supervisor priveldges, "user" is just a default. To secure the system, you should delete the "user" account.)

- 漏洞信息

10867
NBase NH Series Switches TFTP Remote File Modification
Remote / Network Access
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

1998-07-20 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站