14th Apr 2003 [SBWID-6143]
COMMAND
Linksys BEFVP41 VPN router information leakage
SYSTEMS AFFECTED
versions 1.40.3f and 1.40.4 tested positively
PROBLEM
Branson Matheson [branson(at)windborne(dot)net] reported:
While the following is not a critical vulnerability, it is a serious
problem for those that are implementing these VPN routers in production
environments.
The MIB information available from the default 'public' community name
on the external interface of a Linksys VPN router includes information
about the hosts on the inside of the protected network including
routes, hardware addresses ( MAC ), and some configuration information.
What is NOT available includes information about the VPNs configured,
any preshared keys, VPN routes, or endpoint IPs.
Testability
===========
Install the net-snmp package and run the following on any Linksys
router that has not had its community names altered:
snmpwalk -v 1 -c public {ip}
Mitigating factor
=================
Stefan Laudat [stefan(at)worldbank(dot)ro] reported that he never found
SNMP running on the external interface, even using the router directly
out of the box:
I'd kiss a frog if this was true. Actually I use over 50 of these toys
in production and it would have made me very happy if I could use SNMP
from outside the external interface. No surprise for me that the tech
support did not respond to your emails, it's likely that they're using
outsourced software in their products, since I've had a nice discussion
some time ago with one of their support representatives who didn't ever
know what I was talking about when referring to words like 'Crypto
engine failure', 'isakmp' etc. I also have some bug issues open in
their tech support, which remained unanswered until today. What I know
is they told me SNMP is *not* usable from outside, and I've tested this
for myself. All filters were off, not blocking any WAN request, remote
management on. Recently I've bought a new one which contains version
1.40.5, still unreleased on the web site, so hang on for this release.
Once again, don't rely on their support (which is stinky), maybe Cisco
will fix this as they've bought them some weeks ago.
SOLUTION
Change the community names configured in the 'password' section of the
VPN router's web-based config tool. There is currently no way to
disable SNMP.
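
Added example, not part of the original advisory: a Python check that sorts saved snmpwalk output from the external interface into the leak categories the report names (routes, hardware addresses, configuration), so the result can be compared before and after changing the community names. The object-name grouping, the symbolic net-snmp output format and both sample outputs are assumptions constructed for this example.

```python
import ipaddress
import re

# MIB-II object names (as printed by net-snmp) grouped by the leak
# categories the advisory lists. The grouping is this example's assumption.
CATEGORIES = {
    "routes": {"ipRouteDest", "ipRouteNextHop"},
    "hardware_addresses": {"ipNetToMediaPhysAddress", "ifPhysAddress"},
    "configuration": {"sysDescr", "sysName", "sysContact", "sysLocation"},
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"^(?:[\w-]+::)?(\w+)\.([\d.]+) = (?:[\w-]+: )?(.*)$")

def audit(walk_text):
    """Return (leaks, internal_hosts) found in saved snmpwalk output."""
    leaks = {name: [] for name in CATEGORIES}
    internal_hosts = {}
    for raw in walk_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # timeouts, blank lines, anything that is not a varbind
        obj, index, value = m.groups()
        for name, objects in CATEGORIES.items():
            if obj in objects:
                leaks[name].append((obj + "." + index, value))
        if obj == "ipNetToMediaPhysAddress":
            # Index is <ifIndex>.<a>.<b>.<c>.<d>; last four octets are the host.
            try:
                ip = ipaddress.ip_address(".".join(index.split(".")[-4:]))
            except ValueError:
                continue
            if any(ip in net for net in RFC1918):
                internal_hosts[str(ip)] = value  # inside host seen from outside
    return leaks, internal_hosts

# Constructed sample output, not captured from a real device.
SAMPLE_EXPOSED = """\
SNMPv2-MIB::sysDescr.0 = STRING: constructed sample description
RFC1213-MIB::ipRouteDest.192.168.1.0 = IpAddress: 192.168.1.0
RFC1213-MIB::ipRouteNextHop.192.168.1.0 = IpAddress: 192.168.1.1
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.100 = STRING: 0:11:22:33:44:55
IP-MIB::ipNetToMediaPhysAddress.2.203.0.113.1 = STRING: 0:aa:bb:cc:dd:ee
IF-MIB::ifInOctets.1 = Counter32: 12345
"""
SAMPLE_REMEDIATED = "Timeout: No Response from 203.0.113.10\n"

if __name__ == "__main__":
    for label, text in (("exposed", SAMPLE_EXPOSED), ("remediated", SAMPLE_REMEDIATED)):
        leaks, hosts = audit(text)
        print(label, {k: len(v) for k, v in leaks.items()}, hosts)
```

An empty result for the 'public' community after the change is what the SOLUTION above aims for; any entry under internal_hosts means inside addresses are still readable from outside.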