VID 20003
Severity 20
Port 161
Protocol UDP
Class Snmp
Detailed Description It was possible to obtain the list of network interfaces of the host via SNMP. An attacker may use this information to gain more knowledge about the target host.

* References:
http://www.iss.net/security_center/static/1795.php
http://www.cisco.com/warp/public/535/3.html
Recommendation
1. If SNMP is not required, disable the service.
- UNIX : Kill the snmp process found in the process list and remove it from any RC scripts.
- Solaris 10, Solaris 11:
# svcadm disable svc:/application/management/snmpdx
- Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
# /etc/init.d/snmpd stop
# rpm -e (snmp name)
- Windows : Stop the SNMP service and change Startup type to Disabled (Execute services.msc -> Services -> SNMP Service)

2. If you need SNMP for network management, make sure it is properly configured with secure community names.
- Unix : Configure the 'get-community-name' line in /etc/snmpd.conf
- Router : Type 'show config' and make sure 'snmp-community' is properly configured
- Windows : Configure the community name with a secure one (Execute services.msc -> Services -> SNMP Service -> 'Security' tab)

3. Filter incoming traffic to the 161/udp port. If the agent supports View Access Control, limit the views that the agent may reveal.
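
An added example (not part of the original entry): a Python check for recommendations 2 and 3 that flags default community names and community lines with no source or view restriction in snmpd.conf text. The `rocommunity`/`rwcommunity` syntax is Net-SNMP's and `get-community-name:` is the form named above; the sample configuration and its community strings are constructed.

```python
import re

# Community names commonly left at their defaults; treated as insecure here.
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample, not taken from a real host. The interface table that
# this finding reports lives under .1.3.6.1.2.1.2, so a view limited to the
# system group (.1.3.6.1.2.1.1) does not reveal it.
SAMPLE = """\
# constructed snmpd.conf sample
get-community-name: public
rocommunity public
rocommunity n0c-Ro-7f3a 192.0.2.10 -V sysonly
rwcommunity private default
view sysonly included .1.3.6.1.2.1.1
"""

def audit_snmpd_conf(text):
    """Return (line_no, finding) tuples for weak community settings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        # 'get-community-name: NAME' / 'set-community-name: NAME' form
        m = re.match(r"(get|set)-community-name\s*:\s*(\S+)", line)
        if m:
            if m.group(2).lower() in DEFAULT_COMMUNITIES:
                findings.append((no, f"default community '{m.group(2)}'"))
            continue
        tok = line.split()
        # Net-SNMP: rocommunity|rwcommunity COMMUNITY [SOURCE [OID | -V VIEW]]
        if tok[0] in ("rocommunity", "rwcommunity") and len(tok) >= 2:
            if tok[1].lower() in DEFAULT_COMMUNITIES:
                findings.append((no, f"default community '{tok[1]}'"))
            if len(tok) < 3 or tok[2] == "default":
                findings.append((no, "no source restriction"))
            if len(tok) < 4:
                findings.append((no, "no OID/view restriction"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_snmpd_conf(SAMPLE):
        print(f"line {no}: {finding}")
```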