| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 4 Nov 2008 15:10:58 -0000 From: nnposter@...closed.not To: bugtraq@...urityfocus.com Subject: Aruba Mobility Controller SNMP Community String Disclosure Aruba Mobility Controller SNMP Community String Disclosure Product: Aruba Mobility Controller http://www.arubanetworks.com/products/mobility_controllers.php Aruba mobility controller can be monitored via SNMP. It is possible to learn all configured SNMP community strings as long as at least one of them is known to the attacker. This can be accomplished by walking OID branch SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3). While the vulnerability is not in any way exposing the Aruba controller itself, the disclosure may lead to unauthorized access to other devices for which the attacker originally did not possess valid community strings. Similarly it is possible to enumerate SNMPv3 users by inspecting SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB but the passwords are not disclosed. This means that only noAuthNoPriv users represent an immediate exposure. The vulnerability has been identified in ArubaOS version 3.3.2.6 but previous versions are also likely affected. Solution: Do not rely solely on SNMP community strings to separate access by different clients. Where impractical, use unique community strings for the Aruba infrastructure. Found by: nnposter
Powered by blists - more mailing lists