Bugtraq mailing list archives

Medium Vulnerability in SNMP on Linksys BEFVP41
From: Branson Matheson <branson () windborne net>
Date: 9 Apr 2003 18:48:53 -0000



While the following is not a critical vulnerability, it is a serious 
problem for those that are implementing these VPN routers in production 
environments. 




Problem:




  The MIB information available from the default 'public' community name on 
the external interface of a Linksys VPN router includes information about 
the hosts on the inside of the protected network, including routes, hardware 
addresses (MAC), and some configuration information. What is NOT 
available includes information about the VPNs configured, any preshared 
keys, VPN routes, or endpoint IPs. 




Testability:

  Install the net-snmp package and run the following on any Linksys router
that has not had its community names altered:

  snmpwalk -v 1 -c public {ip}




This has been tested on versions 1.40.3f and 1.40.4 (latest).




Solution:

  Change the community names configured in the 'password' section of the 
VPN router's web-based config tool. There is no current way to disable SNMP. 




Vendor:




 I have sent numerous mails to the vendor concerning this issue starting 
about 90 days ago. The last several have been ignored. 
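
For administrators checking their own router before and after changing the community names, the following added example (not part of the original post) parses saved walk output and lists the internal host and route entries it exposes. It assumes the walk was saved with numeric OIDs (`snmpwalk -On`); the sample output and the function names are constructed for illustration.

```python
import ipaddress
import re

# MIB-II numeric OID prefixes, as printed by `snmpwalk -On`.
ARP_PHYS = ".1.3.6.1.2.1.4.22.1.2."    # ipNetToMediaPhysAddress.<ifIndex>.<ip>
ROUTE_DEST = ".1.3.6.1.2.1.4.21.1.1."  # ipRouteDest.<destination>
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"^(\.[0-9.]+) = ([A-Za-z0-9-]+): (.*)$")

# Constructed sample walk output (not captured from a real device).
SAMPLE_WALK = """\
.1.3.6.1.2.1.1.5.0 = STRING: vpn-gw
.1.3.6.1.2.1.4.21.1.1.0.0.0.0 = IpAddress: 0.0.0.0
.1.3.6.1.2.1.4.21.1.1.192.168.1.0 = IpAddress: 192.168.1.0
.1.3.6.1.2.1.4.22.1.2.1.192.168.1.100 = Hex-STRING: 00 0C 29 AA BB CC
.1.3.6.1.2.1.4.22.1.2.1.192.168.1.101 = STRING: 0:c:29:dd:ee:ff
.1.3.6.1.2.1.4.22.1.2.2.203.0.113.1 = Hex-STRING: 00 11 22 33 44 55
"""

def is_internal(ip):
    """True if ip falls in an RFC 1918 private range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def normalize_mac(value):
    """Accept Hex-STRING (00 0C 29 ..) and hinted (0:c:29:..) forms."""
    parts = re.split(r"[:\s]+", value.strip())
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def audit(walk_text):
    """Return internal hosts (ip, mac) and internal route destinations."""
    hosts, routes = [], []
    for raw in walk_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # timeouts, errors and blank lines carry no OID
        oid, _type, value = m.groups()
        if oid.startswith(ARP_PHYS):
            ip = oid[len(ARP_PHYS):].split(".", 1)[1]  # drop the ifIndex
            if is_internal(ip):
                hosts.append((ip, normalize_mac(value)))
        elif oid.startswith(ROUTE_DEST):
            dest = oid[len(ROUTE_DEST):]
            if is_internal(dest):
                routes.append(dest)
    return {"hosts": hosts, "routes": routes}

if __name__ == "__main__":
    print(audit(SAMPLE_WALK))
```

Once the community names have been changed, a walk with 'public' from the external side should produce no parsable entries, so both lists come back empty.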

