SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   SURFboard Vendors:   Motorola
(Motorola SURFboard Cable Modems are Vulnerable) Re: Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System
SecurityTracker Alert ID:  1003579
SecurityTracker URL:  http://securitytracker.com/id/1003579
CVE Reference:   CVE-2002-0012, CVE-2002-0013   (Links to External Site)
Date:  Feb 17 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): SB4100, possibly others
Description:   CERT reported that the University of Oulu (Finland) has discovered vulnerabilities in many vendor implementations of the Simple Network Management Protocol (SNMP) version 1.

The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) reports that there are numerous vulnerabilities in SNMPv1 implementations from many different vendors. A remote user can reportedly cause denial of service attacks or gain elevated privileges on the system. The extent of the vulnerabilities depends on the specific vendor implementation. Vulnerabilities apparently include denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the request message to use the correct SNMP community string, according to CERT. OUSPG reportedly performed two sets of tests of SNMP request message handling of the decoded data. Some of the products implement defective SNMPv1 trap handling. A remote user can reportedly send a specially crafted SNMP trap message to an SNMP manager to trigger the vulnerability. Some of the products implement defective SNMPv1 request handling. A remote user can reportedly send a specially crafted SNMP request message to an SNMP agent to trigger the vulnerability.

A user has reported that the OUSPG test case #900 can cause the cable modem to crash.

Impact:   A remote user can cause the cable modem to crash. The power must be cycled to return to normal operation.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.gi.com/noflash/sb4100.html (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Feb 12 2002 Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System



 Source Message Contents

Subject:  SNMP test suite vs. Motorola SB4100 cable modem



My Motorola SB4100 handled the SNMP test suite well up until test-case 900,
upon which it locked up completely.

I had to disconnect and reconnect the power cord to bring it back online.  I
haven't tried the rest of the suite yet.

To my cable company's credit, they recently restricted SNMP access across
the subnet my cable modem resides in.  It appears you can only send SNMP
packets to your own modem.  This was not the case late last year.

NT4's SNMP service crashes around test-case 2358.  The SNMP service in Win9x
crashes slightly sooner.  Neither was as impressive as the cable modem.  :)

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC