Atmel SNMP Non Public Community String DoS Vulnerability

Advisory Code: VIGILANTE-2001003

Release Date: December 21, 2001

Systems affected:
Atmel Firmware 1.3
Tested on a WAP11 Syslink Wireless Access Point
WPC11 Wireless network PC card (PCMCIA+PCI)
Under Windows 2000

Systems not affected:
Vendor released a more recent version of this software, but it is not known if it is vulnerable to this attack. We did not perform tests on this newer version.

The problem:
During some tests we noticed that the 1.3 version firmware contains a flaw that may result in a denial of service, preventing any further request from being handled correctly by the device. If an SNMP read request is made with a community name different than "public" (including a NULL community string) or with an unknown OID, it leads to a denial of service even if the answer is correct (i.e. the error code returned in the reply is OK). Any SNMP request made to the Wireless Access Point is then denied. Reset of the appliance is necessary to recover normal functioning.

Vendor status:
Linksys was contacted October 30, 2001 and answered. They say that the 1.3 firmware for the WAP11 is a somewhat dated release. The current shipping version is 1.4g.5.

Vulnerability Assessment:
A test case to detect this vulnerability was added to SecureScan NX in the upgrade package of December 21, 2001. You can see the documentation of this test case 15471 on the SecureScan NX web site at http://securescannx.vigilante.com/tc/15471

Fix:
Vendor suggested the following: "for customers that have earlier versions, new code is available on our ftp site: ftp://ftp.linksys.com/pub/network/wap11fw14g5.exe. The new utility is also required to use this firmware, also available on our ftp site: ftp://ftp.linksys.com/pub/network/wap11sw.exe. These links are also published on our website at: http://www.linksys.com/download/firmware.asp under the wap11 section from the drop down."
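
A monitoring-side check for the community-string condition described under "The problem", added here as an example (it is not part of the original advisory or of any vendor code). It assumes the inputs are UDP payloads already captured from port 161 traffic addressed to the access point; the function names and the sample payloads are constructed for illustration, and the unknown-OID condition is not covered because it depends on the device's MIB.

```python
"""Flag SNMP read requests whose community string is not "public"."""

READ_PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA5: "GetBulkRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Return (pdu_name, community) for a read request with a non-"public"
    community string, or None for anything else (including malformed input)."""
    try:
        tag, body, _ = read_tlv(payload, 0)        # outer SEQUENCE
        if tag != 0x30:
            return None
        tag, _version, pos = read_tlv(body, 0)     # INTEGER version
        if tag != 0x02:
            return None
        tag, community, pos = read_tlv(body, pos)  # OCTET STRING community
        if tag != 0x04:
            return None
        pdu_tag = body[pos]                        # context tag of the PDU
    except (ValueError, IndexError):
        return None
    if pdu_tag in READ_PDUS and community != b"public":
        return READ_PDUS[pdu_tag], community
    return None

# Constructed sample payloads (not captured traffic): request-id 1, sysDescr.0.
TAIL = "19020101020100020100300e300c06082b060102010101000500"
SAMPLES = [bytes.fromhex(h + TAIL) for h in (
    "302602010004067075626c6963a0",    # community "public", GetRequest
    "30200201000400a0",                # empty community, GetRequest
    "3027020100040770726976617465a1",  # community "private", GetNextRequest
)]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify(p))
```
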

CVE:
Common Vulnerabilities and Exposures group (reachable at http://cve.mitre.org/) was contacted to get a candidate number. It will be included here when available.

Credit:
This vulnerability was discovered by Frederic Brouille, member of VIGILANTe. We wish to thank Atmel for their help in investigating this problem.

Copyright VIGILANTe.com, Inc. 2001-12-21

Disclaimer:
The information within this document may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any consequences whatsoever arising out of or in connection with the use or spread of this information. Any use of this information lies within the user's responsibility.

Feedback:
Please send suggestions, updates, and comments to isis@vigilante.com.