Vulnerability

    Scorpion Marlin

Affected

    Scorpion Marlin (Nautica)

Description

    Christophe Grenier found following.   A 0 byte udp packet  sent to
    SNMP port (nmap -sU -p 161 pont-vesale) crashes the bridge.

        nef:~$ snmpwalk pv public system
        system.sysDescr.0 = "ScorpionMarlin"
        system.sysObjectID.0 = OID: enterprises.541.1
        system.sysUpTime.0 = Timeticks: (130641320) 15 days, 2:53:33.20
        system.sysContact.0 = "NoContact"
        system.sysName.0 = "PONT-VESALE"
        system.sysLocation.0 = "NoLocation"
        system.sysServices.0 = 15

    nmap documentation extract:

        -sU    UDP scans: This method is used to  determine  which
               UDP  (User  Datagram  Protocol,  RFC 768) ports are
               open on a host.  The technique is to  send  0  byte
               udp packets to each port on the target machine.  If
               we receive an ICMP port unreachable  message,  then
               the  port  is  closed.   Otherwise  we assume it is
               open.

    This is manufactured by Nautica from Bay Networks/Nortel.

Solution

    Nothing yet.