Linksys Wireless Access Point SNMP Port Can Be Locked Out By Remote Users
SecurityTracker Alert ID: 1003035 |
SecurityTracker URL: http://securitytracker.com/id/1003035
CVE Reference: GENERIC-MAP-NOMATCH
Date: Dec 21 2001
Impact:
Denial of service via network
Exploit Included: Yes
Version(s): Atmel Firmware 1.3; Tested on a WAP11 Syslink Wireless Access Point WPC11 Wireless network PC card (PCMCIA+PCI) Under Windows 2000
Description:
VIGILANTe reported a denial of service vulnerability in the WAP11 Syslink Wireless Access Point WPC11 Wireless network PC card. A remote user can cause the device's SNMP port to crash.
A remote user can send an SNMP read request with a community name different than "public", including a NULL community string, or with an unknown OID to cause the device's SNMP port to stop processing requests. This apparently occurs even if the SNMP response sent by the device is correct.
It is reported that the vendor has released a more recent version of this software, but it is not known if it is vulnerable to this attack. VIGILANTe did not perform tests on this newer version.
Impact:
A remote user can cause the device's SNMP port to stop processing requests.
Solution:
The vendor has released a newer version of the firmware (1.4g.5). The vendor suggests using the new code, available at:
ftp://ftp.linksys.com/pub/network/wap11fw14g5.exe.
A new utility is also required to use this firmware, available at:
ftp://ftp.linksys.com/pub/network/wap11sw.exe.
Note that VIGILANTe did not test the newer version. Also, the vendor does not explicitly state that the newer version corrects the situation.
Vendor URL: www.linksys.com/products/product.asp?grid=22&prid=157
Cause:
Exception handling error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Fri, 21 Dec 2001 17:49:24 +0100
Subject: VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community Stri
Atmel SNMP Non Public Community String DoS Vulnerability
Advisory Code: VIGILANTE-2001003
Release Date: December 21, 2001
Systems affected:
Atmel Firmware 1.3
Tested on a WAP11 Syslink Wireless Access Point WPC11 Wireless network PC
card (PCMCIA+PCI) Under Windows 2000
Systems not affected:
Vendor released a more recent version of this software, but it is not known
if it is vulnerable to this attack. We did not perform tests on this newer
version.
The problem:
During some tests we noticed that the 1.3 version firmware contains a flaw
that may result in a denial-of-service, preventing any new further request
to be correctly handled by the device.
If a SNMP read request is made with a community name different than "public"
( including NULL community string ) or an unknown OID, it leads to a denial
of service even if the answer is correct ( ie the returned code error in the
reply is ok ). Any SNMP request made to the Wireless Access Point is then
denied. Reset of the appliance is necessary to recover normal functioning.
Vendor status:
Linksys was contacted October 30, 2001 and answered. They say that the 1.3
firmware for the WAP11 is a somewhat dated release. The current shipping
version is 1.4g.5.
Vulnerability Assessment:
A test case to detect this vulnerability was added to SecureScan NX in the
upgrade package of December 21, 2001. You can see the documentation of this
test case 15471 on SecureScan NX web site at
http://securescannx.vigilante.com/tc/15471
Fix:
Vendor suggested the following : "for customers that have earlier versions,
new code is available on our ftp site:
ftp://ftp.linksys.com/pub/network/wap11fw14g5.exe.
The new utility is also required to use this firmware, also available on our
ftp site : ftp://ftp.linksys.com/pub/network/wap11sw.exe.
These links are also published on our website at :
http://www.linksys.com/download/firmware.asp under the wap11 section from
the drop down."
CVE:
Common Vulnerabilities and Exposures group ( reachable at
http://cve.mitre.org/ ) was contacted to get a candidate number. It will be
included here when available.
Credit:
This vulnerability was discovered by Frederic Brouille, member of VIGILANTe.
We wish to thank Atmel for their help in investigating this problem.
Copyright VIGILANTe.com, Inc. 2001-12-21
Disclaimer:
The information within this document may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any consequences whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information lies
within the user's responsibility.
Feedback:
Please send suggestions, updates, and comments to isis@vigilante.com.
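
For monitoring a WAP11 still running the 1.3 firmware, the condition the advisory describes (an SNMP read request whose community is anything other than "public", NULL included) can be recognised in a captured datagram before it reaches the device. The following is an added example, not code from VIGILANTe, Linksys or SecurityTracker; the function names and sample datagrams are constructed for illustration, and the unknown-OID case is not covered because it depends on the device's MIB.

```python
# Added example; sample datagrams are constructed, not captured traffic.
READ_PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV at pos; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def flag_read_request(datagram, allowed=b"public"):
    """Return (pdu_name, community) if datagram is an SNMP read request whose
    community differs from `allowed` (empty included); otherwise None."""
    try:
        tag, body, _ = read_tlv(datagram, 0)          # outer SEQUENCE
        vtag, _version, pos = read_tlv(body, 0)       # INTEGER version
        ctag, community, pos = read_tlv(body, pos)    # OCTET STRING community
        pdu_tag, _pdu, _ = read_tlv(body, pos)        # context-tagged PDU
    except ValueError:
        return None                                   # not a well-formed SNMP message
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or pdu_tag not in READ_PDUS:
        return None
    return None if community == allowed else (READ_PDUS[pdu_tag], community)

def tlv(tag, value):
    """Encode a short-form BER TLV (used only to build the samples below)."""
    return bytes([tag, len(value)]) + value

# Constructed sample: SNMPv1 PDU body asking for sysDescr.0 (1.3.6.1.2.1.1.1.0).
_PDU_BODY = bytes.fromhex("020101020100020100300e300c06082b060102010101000500")

def sample(community, pdu_tag=0xA0):
    """Build a constructed SNMPv1 message with the given community and PDU tag."""
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + tlv(pdu_tag, _PDU_BODY))

if __name__ == "__main__":
    for name in (b"public", b"private", b""):
        print(name, flag_read_request(sample(name)))
```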