GEN:SID | 1:1422 |
Message | SNMP community string buffer overflow attempt with evasion |
Summary | This event is generated when an attempt is made to issue an attack against a machine using SNMP v1.
|
Impact | Varies depending on the implementation. Ranges from Denial of Service (DoS) to code execution.
|
Detailed Information | SNMP is a widely adopted protocol for managing IP networks, including individual network devices, and devices in aggregate.
Several network devices come pre-installed with this protocol for management and monitoring.
A number of vulnerabilities exist in SNMP v1, including a community string buffer overflow, that allow an attacker to execute arbitrary code or shut down the service.
|
Affected Systems | Any implementation of SNMP v1 protocol |
Attack Scenarios | An attacker needs to send a specially crafted packet to UDP port 161 of a vulnerable device, causing a Denial of Service or execution of any command.
|
Ease of Attack | Simple.
|
Corrective Action | Disable the SNMP v1 protocol and use the SNMP v2 protocol instead.
Use Ingress/Egress filtering on a packet filtering firewall.
|
Additional References | CERT: http://www.cert.org/advisories/CA-2002-03.html
|
Rule References | bugtraq: 4088
bugtraq: 4089
bugtraq: 4132
cve: 2002-0012
cve: 2002-0013
url: www.cert.org/advisories/CA-2002-03.html
|
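
The check below is an added example, not the Snort rule or any code from this page: it decodes the BER header of a UDP port 161 payload and reports SNMP v1 messages whose community string is oversized or whose length field is encoded non-minimally. `MAX_COMMUNITY`, the function names and the sample packets are assumptions constructed for illustration.

```python
# Added example: flag SNMP v1 messages with a suspicious community string field.
MAX_COMMUNITY = 64  # assumed site policy limit, not taken from the rule

def read_tlv(buf, pos):
    """Decode one BER TLV header: (tag, length, value_start, long_form)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        return tag, first, pos, False
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n, True

def inspect_snmp(payload):
    """Return version, community length and the reasons (if any) to alert."""
    tag, _, pos, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, vlen, pos, _ = read_tlv(payload, pos)
    if tag != 0x02 or vlen == 0 or pos + vlen > len(payload):
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(payload[pos:pos + vlen], "big")
    tag, clen, cpos, long_form = read_tlv(payload, pos + vlen)
    if tag != 0x04:
        raise ValueError("missing community OCTET STRING")
    reasons = []
    if version == 0:                      # wire value 0 means SNMP v1
        if clen > MAX_COMMUNITY:
            reasons.append("community length %d exceeds %d" % (clen, MAX_COMMUNITY))
        if long_form and clen < 0x80:     # short form would have sufficed
            reasons.append("non-minimal length encoding")
        if cpos + clen > len(payload):
            reasons.append("declared length exceeds payload")
    return {"version": version, "community_len": clen, "reasons": reasons}

# Constructed samples (not captured traffic); PDU bodies are zero filler.
BENIGN = bytes.fromhex("3026020100") + b"\x04\x06public" + bytes(27)
OVERSIZED = bytes.fromhex("308201330201000482012c") + b"A" * 300
PADDED = bytes.fromhex("300c020100048106") + b"public"

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("oversized", OVERSIZED), ("padded", PADDED)):
        print(name, inspect_snmp(pkt))
```

Because the length is decoded rather than matched as fixed bytes, the same check applies whether the sender uses short-form or long-form BER lengths.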