Zero One Technology's ZOT P100s Print Server Discloses Information to Remote Users via SNMP Even When Configured Not To
|
Date: Feb 25 2002
|
Impact: Disclosure of system information
|
Exploit Included: Yes
|
Description: An information disclosure vulnerability was reported in the ZOT P100s print server. A remote user can obtain information from the device using SNMP even if SNMP has been disabled.
It is reported that a remote user can use SNMP to obtain information about the device configuration and performance even if SNMP has been disabled and the public community string has been changed.
|
Impact: A remote user can obtain information from the device using SNMP even if SNMP has been disabled.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.01tech.com/product_p100s.htm (Links to External Site)
|
Cause: Access control error, State error
|
Reported By: Clinton Smith <security@esales.iinet.net.au>
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 21 Feb 2002 10:42:31 +0800
From: Clinton Smith <security@esales.iinet.net.au>
Subject: Zero One Tech (ZOT) P100s PrintServer and SNMP
|
Background:
The ZOT P100s is a hardware printserver device
allowing sharing of a parallel printer on a standard
UTP network.
It has embedded telnet, http (among others) and provides
information via SNMP with default community read string.
(have not tried write yet).
Problem:
After connecting to the device and disabling SNMP,
and setting the public string to non-standard,
it appears that the device is still accessible.
* verified with SNMPWALK - which enumerates loads
of useful information.
Has anyone had any experience with this product?
Is this a bug?, or something else?
Regards,
Clinton
|
|
