Date: Sun, 25 Mar 2001 11:53:52 +0200
From: Jacek Lipkowski <[email protected]>
To: [email protected]Subject: ILMI community in olicom/crosscomm routers
Crosscomm/Olicom routers have a undocumented community string ILMI
(yes, the same as in cisco :) that has read and write permissions (i
didn't check the whole tree, but you can set system.sysContact.0 for
example). This was checked on a XLT-F router with software 'XL 80 IM
Version 5.5 Build Level 2' (this was what it reported via snmp).
The vendor hasn't been notified, as it doesn't exist (olicom sold their
router business to Intel, don't know what happened to it later).
You can consider this a serious vulnerability, because people will find it
while looking for vulnerable cisco routers.
Jacek Lipkowski
