SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Compaq Wireless Gateway Vendors:   Compaq
(Compaq Issues Fix Instructions) Re: Compaq WL310 Wireless Gateway Discloses SNMP Community String (Password) to Remote Users
SecurityTracker Alert ID:  1005045
SecurityTracker URL:  http://securitytracker.com/id/1005045
CVE Reference:   CVE-2002-0812   (Links to External Site)
Date:  Aug 14 2002
Impact:   Disclosure of authentication information, Disclosure of system information, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): WL310
Description:   An information disclosure vulnerability was reported in Compaq's WL310 wireless access gateway. A remote user can view and modify configuration information.

Foundstone Labs issued an advisory warning that the Compaq WL310 wireless gateway (reported to be an OEM version of the ORiNOCO access point) discloses the SNMP community string to remote users. A remote user can reportedly query the community string and change the system configuration parameters, including Wired Equivalent Privacy (WEP) keys and Domain Name Service (DNS) information.

This can can reportedly be achieved by sending a specific packet to UDP port 192 to cause the access point to return the unique identification value in the 'system.sysName.0' parameter. The remote user can then use this value as the SNMP community string to view and modify the configuration via SNMP.

The following is the demonstration probe packet that can be used:

"\x01\x00\x00\x00\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

The vendor has reportedly been notified.

Impact:   A remote user can determine the SNMP community string used to protect SNMP access to the device.
Solution:   Compaq reports that the latest versions of the device firmware can be configured to avoid the vulnerability.

Current versions of the Residential Gateway Setup Utility, "RGSU", and AP Manager are available at:

http://www.compaq.com/support/files/networking/wlan/WL310.html

Compaq WL310 Wireless Home Office Gateway Setup Utility DOWNLOAD:

SP21389.exe ftp://ftp.compaq.com/pub/softpaq/sP21001-21500/sp21389.exe

Compaq WL310, WL410, and WL510 Wireless Access Point Manager Software DOWNLOAD:

SP21388.exe ftp://ftp.compaq.com/pub/softpaq/sp21001-21500/sp21388.exe

HP strongly recommends that users adhere to the following steps:

1. Using RGSU, click on the "Security" button on the last screen to change the password and encryption key of the device.

2. Use AP Manager to configure the SNMP settings and specify a range of IP addresses that are allowed to access the device.

3. Use AP Manager to change the SNMP password, SSID and WEP encryption key.

Compaq (HP) will reportedly issue a Security Bulletin, to be posted to the support website within 24 hours of release at:

http://thenew.hp.com/country/us/eng/support.html

Use the SEARCH IN feature box, enter SSRT2314 in the search window.

Vendor URL:  wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0030W.xml&dt=11 (Links to External Site)
Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Aug 9 2002 Compaq WL310 Wireless Gateway Discloses SNMP Community String (Password) to Remote Users



 Source Message Contents

Subject:  SSRT2314 Security information - Compaq WL310 - Wireless Home Office


http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0030W.xml&dt=11

SECURITY BULLETIN

DOCUMENT NUMBER: SRB0030W REVISION: 0

SSRT2314 Security information - Compaq WL310 - Wireless Home Office
Gateway

NOTICE: There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.

RELEASE DATE: August 2002 LAST UPDATED: August 13, 2002

SEVERITY: 2

SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary of
Hewlett-Packard Company and Hewlett-Packard Company HP Services
Software Security Response Team

CROSS REFERENCE: Bulletin published by Foundstone in regard to Compaq
WL310

PROBLEM SUMMARY:

    * WL310 Home Office Gateway  (Severity - Low)

      SSRT2314 Potential SNMP attack for out-of-the-box installations of
WL310 Home Office Gateway, 
          o potential default SNMP read/write community string
predictability vulnerability,
          o potential default network name exposure,
          o potential default WEP encryption key issue.

VERSIONS IMPACTED:

WL310


RESOLUTION

The HP Security Bulletin will be posted to the support website within 24
hours of release to - http://thenew.hp.com/country/us/eng/support.html
Use the SEARCH IN feature box, enter SSRT2314 in the search window.

After careful investigation of the potential issue in the Foundstone
document, HP provides the following information.

The SNMP attack documented by Foundstone takes advantage of the default
"out-of-the-box" installation of the WL310. The software included with
the WL310 allow the user to change a multitude of settings that mitigate
security risks of the device. The user documentation included with the
WL310 as well as the help files for the RGSU and AP Manager detail the
options available to the user.

Current versions of the Residential Gateway Setup Utility, "RGSU", and
AP Manager; are available at
http://www.compaq.com/support/files/networking/wlan/WL310.html

Compaq WL310 Wireless Home Office Gateway Setup Utility DOWNLOAD:
SP21389.exe
ftp://ftp.compaq.com/pub/softpaq/sP21001-21500/sp21389.exe

Compaq WL310, WL410, and WL510 Wireless Access Point Manager Software
DOWNLOAD: SP21388.exe
ftp://ftp.compaq.com/pub/softpaq/sp21001-21500/sp21388.exe

To address these potential problems HP strongly recommends that:

   1. Using RGSU, click on the "Security" button on the last screen to
change the password and encryption key of the device.
   2. Use AP Manager to configure the SNMP settings and specify a range
of IP addresses that are allowed to access the device.
   3. Use AP Manager to change the SNMP password, SSID and WEP
encryption  key.

Blocking UDP ports 192 and 161 is not recommended by HP and should be
used as a last resort. In blocking these ports, the device will no
longer be manageable using SNMP, which will impact features and
functionalities accessible through the AP Manager, an SNMP based tool.


COMPAQ PLATFORMS AFFECTED: WL310

OPERATING SYSTEMS AFFECTED: Non-Operating System Specific

SUBSYSTEMS AFFECTED: Non-Hardware Specific

THIRD PARTY PRODUCTS AFFECTED: None

DOWNLOADABLE FILES: None

SUPPORT: For further information, contact HP Services.

SUBSCRIBE: To subscribe to automatically receive future Security
Advisories from the Software Security Response Team via electronic mail:
http://www.support.compaq.com/patches/mailing-list.shtml

REPORT: To report a potential security vulnerability with any Compaq
supported product, send email to:
security-alert@hp.com

HP and Compaq appreciates your cooperation and patience. As always,HP
and Compaq urges you to periodically review your system management and
security procedures. HP and Compaq will continue to review and enhance
the security features of its products and work with our customers to
maintain and improve the security and integrity of their systems.

"HP and Compaq are broadly distributing this Security Bulletin in order
to bring to the attention of users of the affected Compaq products the
important security information contained in this Bulletin. HP and Compaq
recommend that all users determine the applicability of this information
to their individual situations and take appropriate action. Neither HP
nor Compaq warrant that this information is necessarily accurate or
complete for all user situations and, consequently, neither HP nor
Compaq will be responsible for any damages resulting from user's use or
disregard of the information provided in this Bulletin."


Compaq and HP shall not be liable for technical or editorial errors or
omissions contained herein. The information in this document is subject
to change without notice. Compaq and the names of Compaq products
referenced herein are, either, trademarks and/or service marks or
registered trademarks and/or service marks of of Compaq Information
Technologies Group, LP. Other product and company names mentioned herein
may be trademarks and/or service marks of their respective owners.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC