[SlashRaid]

A huge flaw in Simple Network Manager Protocol (SNMP) was recently discovered by researchers at the University of Finland at Oulu. The flaw could allow hackers to shut down or gain control of devices using the protcol. The danger is huge and ranges from desktops to traffic management systems.


For more information and a partial list of vendor items that may be affected read the full CERT Advisory CA-2002-03


More info can also be found at the following:

SANS Institute
Wired News
The Register
The Register

(Edited by SlashRaid at 10:12 am on Feb. 13, 2002)
Two more links:

CAN-2002-0012
CAN-2002-0013

(Edited by SlashRaid at 12:55 pm on Feb. 13, 2002)

[SlashRaid]

Here is a quick update for any of you who may need it:


Microsoft Security Bulletin MS02-006 covers this for Microsoft® Windows® 95, 98, 98SE, Windows NT® 4.0, Windows 2000 or Windows XP systems that use SNMP. Thing is there is no patch available for it, still in development... Good ol' M$.


On the other hand....


Red Hat Advisory RHSA-2001:163-20 offers update packages for Red Hat Linux 6.2, 7, 7.1, and 7.2. Downloads are available at the advisory listed above.

[SlashRaid]

For anyone interested in some extremely deep reading, you can check out the PROTOS Project Report on the SNMP flaw. This is from the group at the University of Oulu who discovered the flaw.


PROTOS Test-Suite: c06-snmpv1 Report

[SlashRaid]

Another fresh update.

[SlashRaid]

SANS has released a scanning tool for WinNT/2K called SNMPing which will find SNMP daemons running on a TCP/IP network. It defaults to port 161, but you can enter the port of your choice.

In order to send bulletins about upgrades and bugs to users of the tool, SANS prefers that you e-mail them at [email protected] to get it. It's automated and takes only a minute to get a reply.

Also on Feb. 20, 2002 SANS and the Center for Internet Security will have a web broadcast w/ the tools main authors to show what the tool does and how to use it. It's set for 1:00 pm EST. A little more detail is offered here.

By the way, Microsoft has still not put a patch out yet. (11:00 am EST)
Good related read on the matter

Sources:

SANS
The Register

[SlashRaid]

Came across this article today. A lot of the SNMP vulnerabilities are still lurking out there still with no fix. A few aduit tools are refernced for those who may need them.

[SlashRaid]

Update:

Mandrake fix for ucp-snmp for packages 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1, Single Network Firewall 7.2.

Squid Proxy Cache Security Update for Squid-2.x up to and including 2.4.STABLE3 here or here.

FreeBSD Squid Update

[Vetritus03]

holy schmoly!  a one-man posting frenzy!  couldn't resist.

[SlashRaid]

Quote

Quote: from Vetritus03 on 2:58 am on Feb. 26, 2002
holy schmoly!  a one-man posting frenzy!  couldn't resist.

Here's one for Vet:

• Microsoft Security Bulletin MS02-006
  • Windows 2000 SNMP Patch
    
  • Windows XP SNMP Patch

Should of posted it earlier...... :wink:

More SNMP patches