Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SNMP vulnerability test?

From: "Jean-Luc" <Jean-Luc () Cavey org>
Date: Fri, 15 Feb 2002 00:10:24 +0100
Look at this : http://www.iss.net/security_center/alerts/advise110.php

The PROTOS Project is what you are looking for.

Jean-Luc Cavey
65, bd Brune
75014 Paris, France
+33 (0) 1 45 43 45 62
+33 (0) 6 15 93 77 96
E-Mail : Jean-Luc () Cavey org
ICQ/UIN : 122785712


================================
La presence de ce texte prouve que ce message
electronique a ete verifie par un logiciel anti-virus
à jour au moment de l'envoi.

The presence of this text proves that this e-mail
has been verified by an up-to-date anti-virus
software at the time of the sending.
================================

----- Original Message -----
From: "Marcelo Barbosa Lima" <mblima () opencs com br>
To: "Jason Craig" <craig () agdean ucdavis edu>; <Valdis.Kletnieks () vt edu>;
"Eric Brandwine" <ericb () UU NET>
Cc: "Davis Ray Sickmon, Jr" <midryder () midnightryder com>;
<incidents () lists securityfocus com>
Sent: Thursday, February 14, 2002 8:00 PM
Subject: RES: SNMP vulnerability test?


Hi folks,

These multi vendor vulnerabilities found and advertised in CERT
scare me. Do you think that it is possible that someone (in black hat
comunity) could to create a powerful worm exploring them? I think that
it is possible. Several network´s elements (routers, swiches...) and
operating systems could be compromised in the Internet quickly, instead
of only HTTP services like in Code Red. What do you think it?
Regards,

Marcelo.

-----Mensagem original-----
De: Jason Craig [mailto:craig () agdean ucdavis edu]
Enviada em: quarta-feira, 13 de fevereiro de 2002 15:28
Para: 'Valdis.Kletnieks () vt edu'; Eric Brandwine
Cc: Davis Ray Sickmon, Jr; incidents () lists securityfocus com
Assunto: RE: SNMP vulnerability test?

M$ is full of crap on this one...

We don't use SNMP for anything, and we're finding it randomly enabled on
a
number of workstations and nearly all win2k servers.  We are running
locked-down IIS and OWA, and for whatever reason, these services turn on
SNMP.  However, turning it off doesn't seem to hamper them.  So, the
obvious
logical question ensues: why do IIS and OWA (and possibly just win2k
server)
enable SNMP while not requiring SNMP to function properly?
Additionally,
why do some installs of wkstn enable SNMP while others do not?  I can
verify
nearly all of these instances as I am the one doing the installs (and
yes,
personal web server was never installed).

-jc

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Wednesday, February 13, 2002 9:55 AM
To: Eric Brandwine
Cc: Davis Ray Sickmon, Jr; incidents () lists securityfocus com
Subject: Re: SNMP vulnerability test?


On Wed, 13 Feb 2002 00:34:00 GMT, Eric Brandwine said:


What're they printing from?  I'd check that first.  The number of
win98/nt/2k hosts listening on SNMP is terrifying.


How did it get turned on?  Microsoft said in the CERT advisory:

     Summary:
     All  Microsoft  implementations  of  SNMP  v1  are  affected by the
     vulnerability.  The  SNMP v1 service is not installed or running by
     default on any version of Windows. A patch is underway to eliminate
     the  vulnerability.  In  the  meantime,  we recommend that affected
     customers disable the SNMP v1 service.

Is this like the "W2K doesn't install IIS, but if you upgraded a machine
that had Personal Webpage (or whatever it was) it will upgrade that to
IIS"?


--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: