GEN:SID 1:1422
Message SNMP community string buffer overflow attempt with evasion
Summary This event is generated when an attempt is made to issue an attack against a machine using SNMP v1.
Impact Varies depending on the implementation. Ranges from Denial of Service (DoS) to code execution.
Detailed Information SNMP is a widely adopted protocol for managing IP networks, including individual network devices, and devices in aggregate.

Several network devices come pre-installed with this protocol for management and monitoring.

A number of vulnerabilities exist in SNMP v1, including a community string buffer overflow, that will allow an attacker to execute arbitrary code or shutdown the service.
Affected Systems Any implementation of SNMP v1 protocol
    
Attack Scenarios An attacker needs to send a specially crafted packet to UDP port 161 of a vulnerable device, causing a Denial of Service or execution of any command.
Ease of Attack Simple.
Corrective Action Disable SNMP v1 protocol, use SNMP v2 protocol.

Use Ingress/Egress filtering on a packet filtering firewall.
Additional References CERT:
http://www.cert.org/advisories/CA-2002-03.html
Rule References bugtraq: 4088
bugtraq: 4089
bugtraq: 4132
cve: 2002-0012
cve: 2002-0013
url: www.cert.org/advisories/CA-2002-03.html