| VID |
17041 |
| Severity |
30 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The SNMP service is running. An attacker can use SNMP (Simple Network Management Protocol) to gain valuable information about the system, such as information on network devices and current open connections when SNMP uses default words, such as public or private, for the community word. If no community is specified, then the SNMP server responds to queries from any system.
* References:
http://www.iss.net/security_center/static/262.php |
| Recommendation |
If you need SNMP for network management, make sure it is properly configured with private community names.
Disable SNMP if it is not needed. If the RPC daemon is started from inetd.conf, comment its entry by putting a # at the beginning of the line.
If it is started from the rc script, comment it out as appropriate for your operating system.
As an example for disabling SNMP under Solaris 2.6, execute the following commands:
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
You may perform as below in order to disable.
1. First, kill the snmpd daemon in operation
2. Process Comment in the /etc/inetd.conf file
3. And if operates while booting from the rc script, find this to make corrections.
For instance, perform as follows in order to disable the SNMP in Solaris 2.6 or under.
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
Solaris 10, Solaris 11:
# svcadm disable svc:/application/management/snmpdx
Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
# /etc/init.d/snmpd stop
# rpm -e (snmp name) |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
