(Vendor Issues Fix) Re: Nortel CVX-1800 Multi-service Access Switch Discloses Administrative Account Names and Passwords to Remote Users
|
|
SecurityTracker Alert ID: 1004112 |
|
SecurityTracker URL: http://securitytracker.com/id/1004112
|
|
CVE Reference:
CAN-2002-0540
(Links to External Site)
|
Updated: Jan 23 2004
|
Original Entry Date: Apr 19 2002
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): CVX 1800, 3.6.3p24 and 3.6.3p5
|
Description:
An information disclosure vulnerability was reported in Nortel's CVX-1800 mulit-service access switch (modem bank). In the default configuration, a remote user can obtain certain account names and passwords from the system.
It is reported that a remote user can query the device via SNMP to obtain the user names and passwords for all locally configured telnet accounts. These are apparently the accounts used to configure the CVX itself and not the user names and passwords of dial-up users serviced by the device.
The following 'snmpwalk' command can reportedly be used:
snmpwalk CVX-IP-ADD-RESS public .1
The vendor has reportedly been notified.
|
Impact:
A remote user can obtain user account names and passwords for locally configured telnet accounts.
|
Solution:
The vendor issued a fix. It is reported that Product Bulletin No. DB022002-1, Issue 3 advises that a software code update (patch) has been issued for Version 3.6.3P25, and recommends an upgrade from 3.6.3P24 to that version. The bulletin also reportedly gives recommended mitigating practices in case an immediate upgrade is not possible.
Nortel has provided information about the CERT Advisory-related SNMP vulnerabilities and their status for all Nortel Networks at the following URL:
http://www.nortelnetworks.com/corporate/technology/snpmv1.html
To obtain Product Bulletin No. DB022002-1, Issue 3, you can reportedly contact Nortel Networks Global Technical Support:
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907 9009
Contacts for other regions are available at:
http://www.nortelnetworks.com/help/contact/global
According to the vendor, this vulnerability was fixed as part of a patch for the recently reported SNMP vulnerabilities (documented in CERT Advisory CA-2002-03).
|
Vendor URL: www.nortelnetworks.com/corporate/technology/snpmv1.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 19 Apr 2002 15:17:47 -0400
Subject: Re: Nortel CVX 1800s will dump all local user names and passwords
|
RE: Bugtraq archives at http://online.securityfocus.com/archive/1/267627
This vulnerability was addressed during Nortel Networks' response to
CERT Advisory CA-2002-03 (Multiple Vulnerabilities in Many
Implementations of SNMP).
Product Bulletin No. DB022002-1, Issue 3 advises that a software code
update (patch) has been issued for Version 3.6.3P25, and recommends an
upgrade from 3.6.3P24 to that version. The bulletin also gives
recommended mitigating practices in case an immediate upgrade is not
possible.
For a comprehensive overview of all Nortel Networks products and their
status with respect to CERT Advisory CA-2002-03 please go to
http://www.nortelnetworks.com/corporate/technology/snpmv1.html .
Product Bulletin No. DB022002-1, Issue 3 may be obtained by contacting
Nortel Networks Global Technical Support:
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907 9009
Contacts for other regions are available at
http://www.nortelnetworks.com/help/contact/global .
|
|
