HighCheck or Attack Name: Ascend-kill2 SNMP
A denial of service vulnerability exists in Ascend Pipeline and MAX networking equipment running Ascend operating systems 5.0A and 5.0Ap42, respectively. An attacker can send a malformed probe packet to the discard port of the router, which causes the router to lock up. A second issue allows an attacker to use SNMP and TFTP to capture the entire configuration file, including passwords and keys for the router.
While no immediate fix is available, it is possible to work around this problem by filtering out packets to the UDP discard port (port 9).
—AND—
Because SNMP write access on an Ascend router is equivalent to complete administrative access, you should choose a community name that is hard to guess.
—AND—
Check deployed Ascend equipment to make sure the equipment is not using default (or easily guessed) communities.
CIAC Information Bulletin I-038, Ascend Routing Hardware Vulnerabilities, http://ciac.llnl.gov/ciac/bulletins/i-038.shtml
Network Associates, Inc. Security Advisory #26, Security Issues with Ascend Routing Hardware, http://www.nai.com/nai_labs/asp_set/advisory/26_ascendrouter_adv.asp
