| VID |
20018 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
SNMP |
| Detailed Description |
The SNMP agent allows remote users to perform an illegal operation on the snmpEnableAuthenTraps object. The snmpEnableAuthenTraps object indicates whether the SNMP entity is permitted to generate authenticationFailure traps. These SNMP authentication traps are a special type of security trap. When an SNMP agent receives an SNMP request, it verifies that the community string has privileges to set or get the OID (Object ID) information included in the request. If the community string is invalid, the agent sends a trap to each of the management hosts defined in the trap definition section of snmpd.conf. Generally, authentication traps are disabled. Many SNMP agents can be configured to send an SNMP trap or notification to a management host when the agent receives SNMP messages that fail authentication tests. If the snmpEnableAuthenTraps object can be written, these notifications can be silenced, preventing the agent from issuing them. |
| Recommendation |
1. If SNMP is not required, disable the service.
   - UNIX: Kill the snmp process found in the process list and remove it from any RC scripts.
   - Solaris 10, Solaris 11:
     # svcadm disable svc:/application/management/snmpdx
   - Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
     # /etc/init.d/snmpd stop
     # rpm -e (snmp name)
   - Windows: Stop the SNMP service and change Startup type to Disabled (Execute services.msc -> Services -> SNMP Service)
2. If you need SNMP for network management, make sure it is properly configured with private community names.
   - Unix: Configure the 'set-community-name' line in /etc/snmpd.conf
   - Router: Type 'show config' and make sure 'snmp-community' is properly configured
   - Windows: Configure a private community name (Execute services.msc -> Services -> SNMP Service -> 'Security' tab)
3. Filter incoming traffic to port 161/udp |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
1799 (ISS) |
|
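
The following audit script is an added example, not part of the original advisory. It assumes a Net-SNMP agent, whose snmpd.conf directive names (rocommunity/rwcommunity, authtrapenable, trapsink/trap2sink/informsink/trapsess) do not appear on this page; in Net-SNMP, setting authtrapenable in the file makes snmpEnableAuthenTraps.0 read-only to SNMP SET requests. The sample configuration and the finding codes are constructed for illustration.

```python
# Added example: offline audit of a Net-SNMP style snmpd.conf for the
# conditions this entry describes. Directive names assume Net-SNMP.

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = """\
# constructed sample
rocommunity monitor-7f3a 192.0.2.10
rwcommunity private
trap2sink 192.0.2.10 trapcomm
"""

DEFAULT_NAMES = {"public", "private"}   # well-known default community strings
COMMUNITY = {"rocommunity", "rocommunity6", "rwcommunity", "rwcommunity6"}
SINKS = {"trapsink", "trap2sink", "informsink", "trapsess"}

def audit_snmpd_conf(text):
    """Return sorted (line_number, code) findings; line 0 means file-level."""
    findings, authtrap, has_sink = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY and args:
            if args[0].lower() in DEFAULT_NAMES:
                findings.append((lineno, "DEFAULT_COMMUNITY"))
            # Syntax: COMMUNITY [SOURCE ...]; a missing source means "default".
            source = args[1] if len(args) > 1 else "default"
            if directive.startswith("rw") and source == "default":
                findings.append((lineno, "RW_UNRESTRICTED"))
        elif directive == "authtrapenable" and args:
            authtrap = args[0]
        elif directive in SINKS:
            has_sink = True
    if authtrap is None:
        # Not set in the file: the object stays writable via SNMP SET.
        findings.append((0, "AUTHTRAP_NOT_PINNED"))
    elif authtrap != "1":
        findings.append((0, "AUTHTRAP_DISABLED"))
    elif not has_sink:
        # Traps are enabled but no management host is defined to receive them.
        findings.append((0, "NO_TRAP_SINK"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, code in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {code}")
```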