MS06-074: SNMP Buffer Overflow (CVE2006-5583)
The Simple Network Manamgenet Protocol (SNMP) service is vulnerable to a buffer overflow. This service is typically used to manage network devices. Home users are not likely to have this service installed. However, many larger networks will use SNMP to controlle and monitor networked workstations and servers.
Accoridng to a note from Dave Aitel, Immunity released an exploit for this vulnerabilty to its customers.
In order to disable this service, or to check if it is running, use the "services" tab in your control pannel and make sure the 'SNMP Service' is not running. You will not see an entry for SNMP service if it is not installed.
This patch is a "patch now" for all networks that use SNMP. It runs as "system" and a succesfull exploit would provide an attacker with full access. The Microsoft bulletin only talks about port 161 UDP for this vulnerability. So one can assume that SNMP trap messages are not affected.
Common sense SNMP security (regardless of the vulnerability):
KB926247
CVE2006-5583
Accoridng to a note from Dave Aitel, Immunity released an exploit for this vulnerabilty to its customers.
In order to disable this service, or to check if it is running, use the "services" tab in your control pannel and make sure the 'SNMP Service' is not running. You will not see an entry for SNMP service if it is not installed.
This patch is a "patch now" for all networks that use SNMP. It runs as "system" and a succesfull exploit would provide an attacker with full access. The Microsoft bulletin only talks about port 161 UDP for this vulnerability. So one can assume that SNMP trap messages are not affected.
Common sense SNMP security (regardless of the vulnerability):
- block port 161/udp and 162/udp at your permiter (snmpv3 may use tcp).
- use a hard to guess community string (anything but "public").
- disable snmp listeners if you do not need them.
KB926247
CVE2006-5583
Keywords:
0 comment(s)
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments