Signature Detail

SNMP: Format String Exploit (TCP)

This signature detects attempts to exploit a known vulnerability in SNMP proxy servers. Attackers can include format string characters in a malformed SNMP message to take root control of the SNMP server.

Extended Description

Orinoco is the manufacturer of various wireless network components, including access points and network cards. It is possible to remotely gain access to the identification string used for configuration of OEM access points manufactured by Orinoco through SNMP. By sending a custom-crafted SNMP query to a vulnerable access point, the access point will return system credentials, including the identification string. This identification string can be used as the administrative community string.

Affected Products

• Compaq Wireless LAN WL310
• Proxim Orinoco Residential Gateway RG-1000

References

• BugTraq: 5436
• CVE: CVE-2005-1246
• URL: http://www.frsirt.com/exploits/20050429.Snmppd.c.php
• URL: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0075.html
• URL: http://www.securiteam.com/exploits/5HP090AFPS.html