GEN:SID | 1:1409 |
Message | SNMP community string buffer overflow attempt |
Summary | This event is generated when an attempt is made to attack a device using SNMP v1.
|
Impact | Varies depending on the implementation. Ranges from Denial of Service (DoS) to code execution.
|
Detailed Information | SNMP is a widely adopted protocol for managing IP networks, including individual network devices, and devices in aggregate.
Several network devices come pre-installed with this protocol for management and monitoring.
A number of vulnerabilities exist in SNMP v1, including a community string buffer overflow, that will allow an attacker to execute arbitrary code or shut down the service.
|
Affected Systems | Any implementation of the SNMP v1 protocol |
Attack Scenarios | An attacker needs to send a specially crafted packet to UDP port 161 of a vulnerable device, causing a Denial of Service or possible execution of arbitrary code.
|
Ease of Attack | Simple.
|
Corrective Action | Disable the SNMP v1 protocol; use the SNMP v2 protocol as an alternative.
Disable the use of SNMP for devices that do not need it.
Use ingress/egress filtering on a packet filtering firewall.
|
Additional References | CERT: http://www.cert.org/advisories/CA-2002-03.html
|
Rule References | bugtraq: 4088
bugtraq: 4089
bugtraq: 4132
cve: 2002-0012
cve: 2002-0013
url: www.cert.org/advisories/CA-2002-03.html
|
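
Added example (not part of the original rule documentation, and not the rule's own detection logic): a Python check that decodes the BER header of a UDP port 161 payload and flags SNMP v1 messages whose community string is oversized or whose declared length runs past the end of the packet. The 255-byte threshold, the function names and the sample packets are assumptions constructed for illustration.

```python
"""Added example: flag SNMP v1 messages with oversized or malformed community strings."""

MAX_COMMUNITY_LEN = 255  # assumed policy threshold, not taken from the rule

def read_tlv(buf, pos):
    """Decode one BER tag/length header; return (tag, length, value_offset)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        return tag, first, pos
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def inspect_snmp(payload, max_len=MAX_COMMUNITY_LEN):
    """Return a verdict string for a UDP/161 payload."""
    try:
        tag, _, pos = read_tlv(payload, 0)            # outer SEQUENCE
        if tag != 0x30:
            return "not-snmp"
        tag, vlen, pos = read_tlv(payload, pos)       # INTEGER version
        if tag != 0x02 or vlen < 1 or pos + vlen > len(payload):
            return "malformed"
        version = int.from_bytes(payload[pos:pos + vlen], "big")
        pos += vlen
        tag, clen, pos = read_tlv(payload, pos)       # OCTET STRING community
        if tag != 0x04:
            return "malformed"
    except ValueError:
        return "malformed"
    if version != 0:                      # version value 0 encodes SNMP v1
        return "not-v1"
    if clen > max_len:
        return "alert: oversized community string (%d bytes)" % clen
    if pos + clen > len(payload):         # declared length runs past the packet
        return "alert: community length exceeds packet"
    return "ok"

# Constructed sample headers (PDU omitted; not captured traffic)
NORMAL = bytes.fromhex("300b020100") + b"\x04\x06public"
OVERSIZED = bytes.fromhex("3082010702010004820100") + b"A" * 256
LYING_LENGTH = bytes.fromhex("300b020100") + b"\x04\x40public"
V2C = bytes.fromhex("300b020101") + b"\x04\x06public"
```
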