| VID | 20007 |
| Severity | 20 |
| Port | 161 |
| Protocol | UDP |
| Class | Snmp |
| Detailed Description |
It is possible to obtain the list of processes running on the remote host via SNMP, and an Oracle SID name can be read from that process list. The Oracle SID (System IDentifier) is needed for remote access when creating a database link via SQL*Net. It is sensitive information that can be used in a brute-force attack.
* References: http://www.securiteam.com/tools/6K00I0U3GM.html |
| Recommendation |
1. If SNMP is not required, disable the service.
   - UNIX: Kill the snmp process found in the process list and remove it from any RC scripts.
   - Solaris 10, Solaris 11:
     # svcadm disable svc:/application/management/snmpdx
   - Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
     # /etc/init.d/snmpd stop
     # rpm -e (snmp name)
   - Windows: Stop the SNMP service and change Startup type to Disabled (Execute services.msc -> Services -> SNMP Service)
2. If you need SNMP for network management, make sure it is properly configured with private community names.
   - Unix: Configure the 'get-community-name' line in /etc/snmpd.conf
   - Router: Type 'show config' and make sure 'snmp-community' is properly configured
   - Windows: Configure a private community name (Execute services.msc -> Services -> SNMP Service -> 'Security' tab)
3. Filter incoming traffic to the 161/udp port |
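
A check for recommendation 2, as an added example that is not part of the original advisory: it scans an snmpd.conf for default community names and for communities accepted from any source. The `rocommunity`, `rwcommunity` and `com2sec` directives are Net-SNMP syntax assumed here alongside the page's 'get-community-name' line; the function name, the weak-name list and the sample file are constructed for illustration.

```python
# Community strings treated as guessable defaults (an assumption of this example).
WEAK = {"public", "private", "community", "snmp", "admin", "default"}
# Net-SNMP directives of the form: DIRECTIVE COMMUNITY [SOURCE ...]
SOURCED = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
# "name: value" style lines, such as the one named in the recommendation.
PLAIN = {"get-community-name", "set-community-name"}

# Constructed sample config; none of these values come from a real host.
SAMPLE_CONF = """\
# constructed sample snmpd.conf
get-community-name: public
rocommunity  public
rocommunity  Zk4-mon-7f2Qx  10.0.5.10
rwcommunity  private  10.0.5.0/24
com2sec  monitor  default  Zk4-mon-7f2Qx
"""

def audit_snmpd_conf(text):
    """Return (line_number, issue) findings; community values are never echoed."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(tokens) < 2:
            continue
        key, args = tokens[0].rstrip(":").lower(), tokens[1:]
        if key in PLAIN:
            community, source = args[0], None   # no source field on these lines
        elif key in SOURCED:
            community = args[0]
            # An omitted SOURCE means the community is accepted from anywhere.
            source = args[1] if len(args) > 1 else "default"
        elif key == "com2sec" and len(args) >= 3:
            # com2sec [-Cn CONTEXT] NAME SOURCE COMMUNITY
            source, community = args[-2], args[-1]
        else:
            continue
        if community.lower() in WEAK:
            findings.append((no, "weak-community"))
        if source in ("default", "0.0.0.0/0", "::/0"):
            findings.append((no, "unrestricted-source"))
    return findings

if __name__ == "__main__":
    for no, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: {issue}")
```

A community that passes both checks still needs the 161/udp filtering from recommendation 3, since the file only controls what the agent accepts, not what reaches it.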