[20750] in bugtraq
undocumented 3Com Netbuilder II SNMP ILMI commnity
daemon@ATHENA.MIT.EDU (Juan Manuel Pascual Escriba)
Wed May 23 21:14:08 2001
Message-ID: <3B0BEC5F.E81DDB52@plazasite.com>
Date: Wed, 23 May 2001 18:59:11 +0200
From: Juan Manuel Pascual Escriba <pask@plazasite.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
WWW.PLAZASITE.COM
Systems & Security Division
Title: 3Com Netbuilder II SNMP ILMI Community
Date: 15-5-2001
Platform: Only tested Netbuilder II routers
Author: Juan Manuel Pascual (pask@plazasite.com)
Status: Vendor Contacted but no answers received
OVERVIEW:
It seems to exist an undocumented read-only SNMP community in 3Com
Netbuilder II Routers. The same happens in cisco and olicom routers. I
checked this feature in Netbuilder II with CEC20 processor. CPU version 9.3
and serial card firmware is 2.5 Its really an old router.
IMPACT:
It is posible to obtain information from SNMP MiB.
SOLUTION:
Disable snmp server and update when the patch will be available.
SPECIAL THANKS TO:
Jose Manuel Pasamar: jpasamar@cc.upv.es
--------------------------------------------------------------------
This vulnerability was researched by:
Juan Manuel Pascual Escriba: pask@plazasite.com
