| VID |
20050 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
SNMP |
| Detailed Description |
Active UDP ports is detected via SNMP. The active port may represent an incoming or outgoing session, or may simply be a service that is listening. A remote attacker can use this information to compromise the affected network resource.
* Platforms Affected:
All Platforms running SNMP service |
| Recommendation |
1. If SNMP is not needed in your environment, consider disabling SNMP service completely.
- Solaris 10, Solaris 11:
# svcadm disable svc:/application/management/snmpdx
- Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
# /etc/init.d/snmpd stop
# rpm -e (snmp name)
2. Filter all SNMP traffic (ports 161 and 162 UDP) from untrusted hosts.
3. Change default community strings
Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. Recommend that network administrators change these community strings to something of their own choosing.
4. Contact your vendor for patch and upgrade information. CERT Advisory CA-2002-03 includes details about the vulnerabilities and updates for many SNMP vendors. This document is available at http://www.cert.org/advisories/CA-2002-03.html |
| Related URL |
CVE-1999-0615 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
