Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) In Defense Of Ascend...



> No, you can't with a cisco.  However, anyone who had half a brain and
> about 15 minutes could have breezed through the SEC - Security supplement
> part of their manual and read about what needed to be done to SNMP.  I

The SNMP-to-operator equivalence breaks the security model of the Ascend
interface, too --- you don't need "Full access", or "Edit Security"
access, to see the SNMP communities in the Ethernet/Mod Config menu. Using
SNMP, "Edit System" access can be parlayed into complete operator access.

Perhaps that's a known fact, but it was one of the motivating factors for
including the issue in the advisory. I agree, the major issue was the port
9 reset-the-router bug.

-----------------------------------------------------------------------------
Thomas H. Ptacek			     		Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf				"mmm... sacrilicious"

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


References: