Security Incidents mailing list archives
Re: SNMP vulnerability test?
From: Eric Brandwine <ericb () UU NET>
Date: 13 Feb 2002 18:19:08 +0000
"vk" == Valdis Kletnieks <Valdis.Kletnieks () vt edu> writes:
What're they printing from? I'd check that first. The number of win98/nt/2k hosts listening on SNMP is terrifying.
vk> How did it get turned on? Microsoft said in the CERT advisory: vk> Summary: vk> All Microsoft implementations of SNMP v1 are affected by the vk> vulnerability. The SNMP v1 service is not installed or running by vk> default on any version of Windows. A patch is underway to eliminate vk> the vulnerability. In the meantime, we recommend that affected vk> customers disable the SNMP v1 service. vk> Is this like the "W2K doesn't install IIS, but if you upgraded a vk> machine that had Personal Webpage (or whatever it was) it will vk> upgrade that to IIS"? Win2k Server does install and listen on snmpv1, public by default (at least our CDs of it do). I have no idea how or why it was enabled, but a little quick scanning turned up some scary results. Similarly, we disable snmpdx on all our Sun hardware. Several patches from Sun re-enable this service. They don't restart it, they just replace the /etc/rc3.d/S76snmpdx init script. So the next time the system boots, you get a happy surprise. ericb -- Eric Brandwine | There are only two truly infinite things, the universe UUNetwork Security | and stupidity. And I am unsure about the universe. ericb () uu net | +1 703 886 6038 | - Albert Einstein Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- new SNMP vuln? Gary Golomb (Feb 07)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- Re: new SNMP vuln? James (Feb 07)
- Re: new SNMP vuln? H C (Feb 07)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Arthur Donkers (Feb 12)
- SNMP vulnerability test? Davis Ray Sickmon, Jr (Feb 12)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Chris Ess (Feb 13)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- <Possible follow-ups>
- RE: new SNMP vuln? Rob Keown (Feb 12)
- Re: new SNMP vuln? Patrick Oonk (Feb 12)