SNMP Vulnerability

In a few minutes wire services and other news sources will begin
breaking a story about widespread vulnerabilities in SNMP (Simple
Network Management Protocol). Exploits of the vulnerability cause
systems to fail or to be taken over. The vulnerability can be found in
more than a hundred manufacturers' systems and is very widespread -
millions of routers and other systems are involved.

Your leadership is needed in making sure that all systems for which you
have any responsibility are protected. To do that, first ensure that
SNMP is turned off. If you absolutely must run SNMP, get the patch from
your hardware or software vendor. They are all working on patches right
now. It also makes sense for you to filter traffic destined for SNMP
ports (assuming the system doing the filtering is patched).

Action:
To block SNMP access, block traffic to ports 161 and 162 for TCP and
UDP. In addition, if you are using Cisco, block UDP for port 1993.
http://www.cert.org/advisories/CA-2002-02.html

They have been talking about this on the Incidents mailing list since last Thursday.

I can't think of any real good reason to have your SNMP traffic reachable from any public network anyway...

Many vendors are already releasing patches (Sun, a few Linux vendors, SGI, etc...). Keep your eye out on Bugtraq and Incidents for more late-breaking news.
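
The filtering step from the Action section, as an added example that is not part of the original post: a Python check over `iptables-save` output that reports which of the listed protocol/port pairs traffic can still reach. The sample ruleset is constructed, and the `eth0` outside interface and the `FORWARD` chain are assumptions.

```python
import re

# (protocol, port) pairs the alert says to block; UDP 1993 is the Cisco-specific one.
REQUIRED = {("tcp", 161), ("tcp", 162), ("udp", 161), ("udp", 162), ("udp", 1993)}

# Constructed iptables-save excerpt; eth0 as the outside interface is an assumption.
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -p udp -m udp --dport 161 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 162 -j DROP
-A FORWARD -i eth0 -p tcp -m multiport --dports 161,162 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 1993 -j ACCEPT
COMMIT
"""

def opt(line, flag):
    """Return the argument following `flag` in a rule line, or None."""
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r"\s+(\S+)", line)
    return m.group(1) if m else None

def expand_ports(spec):
    """Expand '161,162' or '161:162' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def missing_blocks(rules, chain="FORWARD", iface="eth0"):
    """List required (proto, port) pairs that traffic arriving on `iface` can still reach.

    Simplification: rules are assumed to match only on interface, protocol and
    destination port (no negation, no source or destination address matches).
    """
    m = re.search(rf"^:{chain} (\S+)", rules, re.M)
    policy = m.group(1) if m else "ACCEPT"
    verdict = {}
    for line in rules.splitlines():
        target = opt(line, "-j")
        if not line.startswith(f"-A {chain} ") or target not in ("ACCEPT", "DROP", "REJECT"):
            continue
        if opt(line, "-i") not in (None, iface):
            continue
        proto = opt(line, "-p")
        spec = opt(line, "--dports") or opt(line, "--dport")
        ports = expand_ports(spec) if spec else None
        for pair in REQUIRED:
            if proto in (None, pair[0]) and (ports is None or pair[1] in ports):
                verdict.setdefault(pair, target)  # first matching rule decides
    return sorted(p for p in REQUIRED if verdict.get(p, policy) == "ACCEPT")
```

On the constructed sample the check flags UDP 1993, which the ruleset accepts; because the first matching rule decides, an ACCEPT placed ahead of a DROP for the same port is also reported.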