Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Router worm exploiting poor SNMP security.

From: Lars Nygård <lars () SNART COM>
Date: Wed, 13 Dec 2000 15:58:16 -0000
Additional information
If you know the SNMP read/write community it should 
be no problem to upload files to Nortel routers. This is 
done today with Site Manager. I'm guessing this is 
done by enabling tftp. 

BayRS has it's own script language, which I believe 
can be used to write such a worm. What I'm not sure 
of is if it's possible to send SNMP packets with such 
a script. 

The problem would be to execute the script on a 
remote router. I'm not sure if this is possible. 
It's however possible to execute ping from a remote 
router with SNMP (again this can be done with Site 
Manager).
I'm guessing this might makes it possible to find an 
exploit. Perhaps by modifying the MIB entry  
wfIcmp.wfIcmpExecute.1. Only guessing here.

Anyone out there who got the answers?

-Lars Nygård
Previous By Date Next
Previous By Thread Next

Current thread: