| VID | 12001 |
| Severity | 40 |
| Port | 161 |
| Protocol | UDP |
| Class | SNMP |
| Detailed Description |
The snmpd or device appears to have been crashed by the PROTOS c06-SNMPv1 test suite req-enc-r1 1150. The PROTOS c06-SNMPv1 test suite, developed by the University of Oulu in Linnanmaa, Finland, was designed to send thousands of test-cases to SNMP daemons from a remote system in order to discover programming flaws or exploitable vulnerabilities. This tool has the immediate ability to crash SNMP daemons and hardware devices running SNMP. The circulation of this tool may lead to the widespread use of new exploits to crash or compromise vulnerable systems. SNMP is universally present on the Internet as a network management protocol. Nearly every operating system, router, switch, cable or DSL modem, and firewall is shipped with an SNMP service.
This tool is extremely thorough and is perceived to be the most exhaustive SNMP testing tool available. It launches various combinations of six main types of test-cases:
- bit pattern exception
- BER (Basic Encoding Rules) encoding exception
- format string exception
- integer value exception
- missing symbol exception
- overflow exception
The effectiveness of the tool is increased by targeting broadcast addresses. As a result, the reach of the tool can be greatly extended by attacking many devices simultaneously.
* References:
- http://online.securityfocus.com/bid/4089
- http://www.iss.net/security_center/static/8115.php |
| Recommendation |
As workarounds:
1. Until a patch can be installed, disable the SNMP service if it is running.
2. Contact your vendor to inquire about potential issues.
3. Install perimeter defenses in the form of a router with filtering capabilities, and personal firewall software with intrusion detection capabilities.

Refer to the following sites for patches or fixes for the various affected platforms:
- http://www.cert.org/advisories/CA-2002-03.html
- http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=4089 |
| Related URL | CVE-2002-0013 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |