BugTraq
Back to list
|
Post reply
Medium Vulnerability in SNMP on Linsys BEFVP41
Apr 09 2003 06:48PM
Branson Matheson (branson windborne net)
(1 replies)
While the following is not a critical vulnerability, it is a serious
problem for those that are implementing these VPN routers in production
environments.
Problem:
The MIB information available from the default 'public' community name on
the external interface of a Linksys VPN router includes information about
the hosts on the inside of the protected network including routes, hardware
addresses ( MAC ), and some configuration information. What is NOT
available include information about the VPN's configured, any preshared
keys, VPN routes, or endpoint IP's.
Testability:
install the net-snmp package and run the following on any Linksys router
that has not had it's community names altered:
snmpwalk -v 1 -c public {ip}
This has been tested on versions 1.40.3f and 1.40.4 ( latest ) version.
Solution:
Change the community names configured in the 'password' section of the
VPN routers web based config tool. There is no current way to disable SNMP.
Vendor:
I have sent numerous mails to the vendor concerning this issue starting
about 90 days ago. The last several have been ignored.
[ reply ]
Re: Medium Vulnerability in SNMP on Linsys BEFVP41
Apr 12 2003 04:16PM
Stefan Laudat (stefan worldbank ro)
Privacy Statement
Copyright 2010, SecurityFocus
While the following is not a critical vulnerability, it is a serious
problem for those that are implementing these VPN routers in production
environments.
Problem:
The MIB information available from the default 'public' community name on
the external interface of a Linksys VPN router includes information about
the hosts on the inside of the protected network including routes, hardware
addresses ( MAC ), and some configuration information. What is NOT
available include information about the VPN's configured, any preshared
keys, VPN routes, or endpoint IP's.
Testability:
install the net-snmp package and run the following on any Linksys router
that has not had it's community names altered:
snmpwalk -v 1 -c public {ip}
This has been tested on versions 1.40.3f and 1.40.4 ( latest ) version.
Solution:
Change the community names configured in the 'password' section of the
VPN routers web based config tool. There is no current way to disable SNMP.
Vendor:
I have sent numerous mails to the vendor concerning this issue starting
about 90 days ago. The last several have been ignored.
[ reply ]