CVE-2003-0745
CVSS 10.0
Published: 2003-10-20 00:00:00
Last revised: 2008-09-10 15:20:20

[Original] SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server.


[CNNVD] Castle Rock Computing SNMPc v5/v6 Unauthorized Remote Access Vulnerability (CNNVD-200310-048)

        
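SNMPc is a distributed network management system suited to managing small and medium-sized networks.

Because of its weak authentication protocol implementation, a remote attacker can exploit this vulnerability to access the SNMPc server with superuser privileges.

The SNMPc distributed system consists of several components. The server component performs centralized computation and maintains the databases, including configuration, network topology, event log files and user information. Users must start the remote login console or the Java console to view and control the SNMPc system. However, the authentication mechanism used for remote control is quite simple, so authentication is completed on the client side. During login, after several initial exchanges, the remote console sends the user name to the server, and the server replies with the user data held in the ntuserdb.dat file, such as user name, real name, telephone number and user group, together with the user's encrypted password. An attacker can use this information to obtain authentication credentials.

This vulnerability can ultimately allow an attacker to access the SNMPc server with superuser privileges.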
        

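- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]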

- CPE (affected platforms and products)

cpe:/a:castle_rock_computing:snmpc:6.0.5
cpe:/a:castle_rock_computing:snmpc:5.1
cpe:/a:castle_rock_computing:snmpc:6.0
cpe:/a:castle_rock_computing:snmpc:6.0.8

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0745
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0745
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200310-048
(official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/bugtraq/2003-08/0340.html
(VENDOR_ADVISORY)  BUGTRAQ  20030825 SNMPc v5 and v6 remote vulnerability

- Vulnerability information

Castle Rock Computing SNMPc v5/v6 Unauthorized Remote Access Vulnerability
Critical  Design Error
2003-10-20 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        Castle Rock Computing
        ---------------------
        The vendor has released upgrade patches that fix this security issue; download them from the vendor's home page:
        SNMPc version 6.0:
        http://www.castlerock.com/download/fix821_608.zip (vers 6.0.8)
        http://www.castlerock.com/download/fix821_605.zip (vers 6.0.5)
        SNMPc version 5.1:
        http://www.castlerock.com/download/snmpc519.exe

- Vulnerability information

8360
SNMPc Client Side Password Disclosure
Remote / Network Access Authentication Management, Cryptographic
Loss of Integrity
Exploit Public

- Vulnerability description

SNMPc contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords when a client attempts to authenticate with the server. The passwords are encrypted with a simple substitution cipher. The encrypted passwords are easily compromised, which may lead to a loss of integrity.

- Timeline

2003-08-25 Unknown
2003-08-25 Unknown

- Solution

Upgrade to version 5.1.9 or 6.0.9, as it has been reported to fix this vulnerability. Patches are also available for 6.0.5 and 6.0.8 if an upgrade is not possible.

- Related references

- Vulnerability author

- Vulnerability information

Castle Rock Computing SNMPc v5/v6 Unauthorized Remote Privileged Access Vulnerability
Design Error 8484
Yes No
2003-08-25 12:00:00 2009-07-11 11:56:00
The discovery of this vulnerability has been credited to "Alexander V. Nickolenko" <sawny@multimedia.ru>.

- Affected program versions

Castle Rock Computing SNMPc 6.0.8
Castle Rock Computing SNMPc 6.0.5
Castle Rock Computing SNMPc 6.0
Castle Rock Computing SNMPc 5.1
Castle Rock Computing SNMPc 5.1.9

- Unaffected program versions

Castle Rock Computing SNMPc 5.1.9

- Vulnerability discussion

A vulnerability in the authentication mechanism used by SNMPc has been discovered, potentially allowing for unauthorized remote access. The problem lies in the design of the mechanism, specifically the fact that all authentication routines are carried out within the client program. As such, an attacker may be capable of influencing the results of authentication by modifying a client program or reversing the encrypted password transmitted by the server.

The exploitation of this issue could ultimately allow for an attacker to gain unauthorized remote console access as the Administrator user, who by default has Supervisor privileges on affected servers.

This vulnerability affects SNMPc v5 and v6.
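
The design flaw discussed above, set beside a server-side check, as an added example (not SNMPc code and not part of the original advisory). The record fields, function names and sample user are constructed for illustration, PBKDF2 is a stand-in rather than what the fixed releases do, and the login channel is assumed to be encrypted.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 200_000

def make_user(name, password, group):
    # Constructed record layout; field names are assumptions, not SNMPc's format.
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"name": name, "group": group, "salt": salt, "pw_hash": pw_hash}

# Constructed sample user store.
USERS = {"Administrator": make_user("Administrator", "constructed-sample-pw", "Supervisor")}
SESSIONS = {}  # token -> user name, held only on the server

def flawed_login_reply(username):
    """Pattern the advisory describes: the server answers a bare user name with
    the whole user record, secret included, and trusts the client to decide."""
    return USERS.get(username)  # secret material leaves the server before any proof

def _verify(username, password):
    user = USERS.get(username)
    # Hash even for unknown names so response time does not reveal valid users.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["pw_hash"] if user else b"\x00" * 32
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    ok = hmac.compare_digest(candidate, expected)
    return user if (ok and user) else None

def server_side_login(username, password):
    """Corrected pattern: the server makes the decision; the reply carries the
    outcome and an opaque session token, never password material."""
    user = _verify(username, password)
    if user is None:
        return {"ok": False}
    token = secrets.token_hex(16)
    SESSIONS[token] = user["name"]
    return {"ok": True, "group": user["group"], "token": token}

def privileged_action(token):
    """Later requests are authorized from server-held state, so a modified
    client cannot grant itself access."""
    return token in SESSIONS
```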

- Exploit

A proof-of-concept exploit script has been made available by "Alexander V. Nickolenko" <sawny@multimedia.ru>. A sample usage of this exploit is available in the attached message reference.

- Solution

Castle Rock Computing has created fixes to address this issue in specific 6.x releases, as well as a completely revised 5.x release which addresses this vulnerability. Users are advised to upgrade as soon as possible.

Fixes:


Castle Rock Computing SNMPc 5.1

Castle Rock Computing SNMPc 6.0.5

Castle Rock Computing SNMPc 6.0.8

- Related references

 

 
