Bugtraq mailing list archives
Re[2]: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
From: "Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>
Date: Fri, 10 Oct 2008 10:28:43 +0400
Dear lee.e.rian () census gov, Why do you think you can't do it with SNMP? An examples are settings DNS server option via DHCP (or DNS domain name for proxy server autodiscovery protocol) or even configuring a VPN tunnel for all traffic. I'm not sure about Tsunami, for Orinoco these settings are read/write: http://support.ipmonitor.com/mibs/ORINOCO-MIB/oids.aspx see e.g. oriDHCPServerPrimaryDNSIPAddress --Friday, October 10, 2008, 1:24:27 AM, you wrote to 3APA3A () SECURITY NNOV RU: lercg> -----"Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU> wrote: -----
What can you achieve with script injection you can not achieve with SNMP write access?
lercg> I don't know what you can actually achieve, but in addition to whatever you lercg> can do to/with the box you have SNMP write access for, it gives you a shot lercg> at the admin's machine. And maybe even a shot at everything that the lercg> admin's machine can talk to. lercg> Regards, lercg> Lee
--Thursday, October 9, 2008, 5:02:44 PM, you wrote to bugtraq () securityfocus com: PR> $ snmpset -v1 -c public 192.168.1.100 sysName.0 s '">><script>alert(1)</script>' -- ~/ZARAZA http://securityvulns.com/
-- ~/ZARAZA http://securityvulns.com/ Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его прочитать. (Твен)
Current thread:
- PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection ProCheckUp Research (Oct 09)
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Vladimir '3APA3A' Dubrovin (Oct 09)
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection lee . e . rian (Oct 09)
- Re[2]: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Vladimir '3APA3A' Dubrovin (Oct 10)
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection ProCheckUp Research (Oct 10)
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection lee . e . rian (Oct 09)
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Vladimir '3APA3A' Dubrovin (Oct 09)