| VID |
20012 |
| Severity |
20 |
| Port |
161 |
| Protocol |
UDP |
| Class |
Snmp |
| Detailed Description |
It is possible to obtain the list of processes of the remote host via SNMP. An attacker may use this information to gain more knowledge about the target host.
* References:
http://cgi.nessus.org/plugins/dump.php3?id=10550 |
| Recommendation |
1. If SNMP is not required, disable the service.
- UNIX : Kill the snmp process found from the list of the processes and remove it from any RC scripts.
- Solaris 10, Solaris 11:
# svcadm disable svc:/application/management/snmpdx
- Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
# /etc/init.d/snmpd stop
# rpm -e (snmp name)
- Windows : Stop the SNMP service and change Startup type to Disabled (Execute services.msc -> Services -> SNMP Service)
2. If you need SNMP for network management, make sure it is properly configured with private community names
- Unix : Configure 'get-community-name' line in /etc/snmpd.conf
- Router : Type 'show config' and make sure 'snmp-community' is properly configured
- Windows : Configure the community name with private one Execute services.msc -> Services -> SNMP Service -> 'Security' tab)
3. Filter incoming traffic to the 161/udp port |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
