SNMP
It is possible to detect blocked interface queues with a Cisco IOS
Embedded Event Manager (EEM) policy. EEM provides event detection and
reaction capabilities on a Cisco IOS device. EEM can alert
administrators of blocked interfaces with email, a syslog message, or
a Simple Network Management Protocol (SNMP) trap.
A sample EEM policy that uses syslog to alert administrators of
blocked interfaces is available at Cisco Beyond, an online community
dedicated to EEM. A sample script is available at the following link:
vulnerable operation will be vulnerable on the source UDP ports of
the probe and a responder will be vulnerable on the destination UDP
port used for the probe.
IP SLA probes can be configured using Simple Network Management
Protocol (SNMP). In that case, by default, the "show running
configuration" command will not include the IP SLA probe
configuration. The "show ip sla configuration" command can be used to
verify whether a probe has been configured either by the command line
or via SNMP.
1. General information
PRTG Traffic Grapher is a network monitoring solution, which helps
manage and classify bandwidth usage of a network by providing accurate
results about network traffic and usage trends in graphs and tables. The
software also supports SNMP (Simple Network Management Protocol). PRTG
Traffic Grapher is available at http://www.paessler.com.
In April 2009, Bkis discovered a vulnerability in PRTG Traffic Grapher.
A hacker might exploit this hole to insert malicious code into links to
be executed in the users' browsers, resulting in the loss of cookies,
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01757418
Version: 3
HPSBMA02439 SSRT080082 rev.3 - HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-15
Last Updated: 2010-07-14
in my test it's necessary to load any other unsafe ActiveX component
first (tested on Windows 2003).
-------------------------------------
E] stack overflow in SNMP NetDBServer
-------------------------------------
Stack overflow caused by the copying of data chunks in a stack buffer:
0040303A |. 66:8B40 0A MOV AX,WORD PTR DS:[EAX+A] ; chunks
Cisco IOS Embedded Event Manager (EEM) provides event detection and
reaction capabilities on a Cisco IOS device. It is possible to detect
blocked interface queues with an EEM policy. EEM can alert
administrators of blocked interfaces with email, a syslog message, or
a Simple Network Management Protocol (SNMP) trap.
A sample EEM policy that uses syslog to alert administrators of
blocked interfaces is available at Cisco Beyond, an online community
dedicated to EEM. A sample script is available at the following link:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01757418
Version: 2
HPSBMA02439 SSRT080082 rev.2 - HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-15
Last Updated: 2010-06-22
Hi,
On Fri, Jan 09, 2009 at 03:25:44PM -0500, Steve Shockley wrote:
>> SNMP communities are a safety, not a security measure. I know of very few
>> SNMP implementations that have protections against brute force or
>> dictionary attacks.
> srsly? Passwords don't have much in the way of brute-force or
> dictionary attack protection, but I wouldn't put my password in my
Dear lee.e.rian@census.gov,
Why do you think you can't do it with SNMP? Examples are setting the DNS
server option via DHCP (or DNS domain name for proxy server
autodiscovery protocol) or even configuring a VPN tunnel for all
traffic. I'm not sure about Tsunami, for Orinoco these settings are
read/write:
http://support.ipmonitor.com/mibs/ORINOCO-MIB/oids.aspx
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01754877
Version: 1
HPSBMA02430 SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-09
Last Updated: 2009-06-09
(computer lab) and production environments during several penetration tests.
There are two types of attacks featured in this paper which we believe
might be potentially new:
- Persistent XSS via SNMP
- Remote wardriving over the Internet
Additionally, the paper is full of other goodies such as:
2008/06/09 #2008-006 multiple SNMP implementations HMAC authentication spoofing
Description:
Some SNMP implementations include incomplete HMAC authentication code that
allows spoofing of authenticated SNMPv3 packets.
The authentication code reads the length to be checked from sender input,
this allows the sender to supply single byte HMAC code and have a 1 in 256
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Net-SNMP: Denial of Service
Date: November 20, 2007
Bugs: #198346
ID: 200711-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
=======
Summary
=======
Name: Unauthenticated Stack Overflow in SNMPc
Release Date: 30 April 2008
Reference: NGS00526
Discover: Wade Alcorn <wade@ngssoftware.com> and John Heasman
<john@ngssoftware.com>
Vendor: Castle Rock Computing
Systems Affected: SNMPc versions 7.1 and earlier
identify and detect a hung, extended, or indefinite TCP connection
that is caused by this vulnerability. The policy allows administrators
to monitor TCP connections on a Cisco IOS device. When Cisco IOS EEM
detects potential exploitation of this vulnerability, the policy can
trigger a response by sending a syslog message or a Simple Network
Management Protocol (SNMP) trap to clear the TCP connection. The example
policy provided in this document is based on a Tcl script that monitors
and parses the output from two commands at defined intervals, produces a
syslog message when the monitor threshold reaches its configured value,
and can reset the TCP connection.
--------------------
C] crash in MgWTrap3
--------------------
The SNMP Trap Service other than binding the local TCP port 8888 and
the UDP 162 for collecting SNMP queries, binds also an additional UDP
port which changes each time the service is executed (uses the first
free available port).
Sending a packet (empty or with any desired content since it's not
important) directly to this port raises an exception which terminates
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with certain HP Photosmart printers. These vulnerabilities could be exploited remotely for cross site scripting (XSS) or to gain unauthorized access to data or printer configuration information.
References: CVE-2011-1531 (webscan), CVE-2011-1532 (SNMP), CVE-2011-1533 (XSS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Photosmart D110 series
HP Photosmart B110 series
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: net-snmp: Authorization bypass
Date: January 13, 2010
Bugs: #250429
ID: 201001-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cisco IOS is vulnerable to a software flaw whereby the length of the
hostname of the router is not checked before being copied into a fixed
size memory buffer. This results in IOS crashing if the hostname is too
long, but could potentially result in arbitrary code execution. However,
the attacker must be able to control the hostname of the router, which
could be achieved via SNMP.
Technical Details:
When the LPD daemon is configured in Cisco IOS it listens on the default
LPD TCP port, 515. If connected to with a source TCP port of anything
visual way the status and performance of several parameters from
different operating systems, servers, applications and hardware systems
such as firewalls, proxies, databases, web servers or routers.
It can be deployed in almost any operating system. It features remote
monitoring (WMI, SNMP, TCP, UDP, ICMP, HTTP...) and it can also use
agents. An agent is available for each platform. It can also monitor
hardware systems with a TCP/IP stack, such as load balancers, routers,
network switches, printers or firewalls.
This software has several servers that process and get information from
In general, a standard system update will make all the necessary changes.
Details follow:
Sebastian Krahmer discovered that HPLIP incorrectly handled certain long
SNMP responses. A remote attacker could send malicious SNMP replies to
certain HPLIP tools and cause them to crash or possibly execute arbitrary
code.
Updated packages for Ubuntu 8.04 LTS:
* Detect new systems in network.
* Checks for availability or performance.
* Raise alerts when something goes wrong.
* Allow to get data inside systems with its own lite agents (for almost every Operating System).
* Allow to get data from outside, using only network probes. Including SNMP.
* Get SNMP Traps from generic network devices.
* Generate real time reports and graphics.
* SLA reporting.
* User defined graphical views.
* Store data for months, ready to be used on reporting.
Apr 15, 2010
I. BACKGROUND
Agent Extensibility (AgentX) Protocol was designed to address
interoperability issues with extensible SNMP agents. AgentX++ is a C++
implementation of the AgentX protocol. It is one of several C++ based
SNMP libraries developed by Frank Fock. For more information refer to
the URLs below.
http://www.agentpp.com/
1 net-analyzer/nagios-plugins < 1.4.10-r1 >= 1.4.10-r1
Description
===========
fabiodds reported a boundary checking error in the "check_snmp" plugin
when processing SNMP "GET" replies that could lead to a stack-based
buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary
checking error in the redir() function of the "check_http" plugin when
processing HTTP "Location:" header information which might lead to a
buffer overflow (CVE-2007-5198).
1 net-analyzer/wireshark < 0.99.8 >= 0.99.8
Description
===========
Multiple unspecified errors exist in the SCTP, SNMP, and TFTP
dissectors.
Impact
======
~ pcre-3.9-10.4.i386.rpm
~ b. Updated net-snmp Service Console package addresses denial of service
~ net-snmp is an implementation of the Simple Network Management
~ Protocol (SNMP). SNMP is used by network management systems to
~ monitor hosts. By default ESX has this service enabled and its ports
~ open on the ESX firewall.
~ A flaw was discovered in the way net-snmp handled certain requests. A
~ remote attacker who can connect to the snmpd UDP port could send a
===========================================================
Ubuntu Security Notice USN-946-1 June 02, 2010
net-snmp vulnerability
CVE-2008-6123
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
* call-jacking - like making your phone dial numbers or even survey
room's sound where the phone resides
* obfuscation/encryption deficiencies
* UPnP, DHCP and mDNS problems - although not officially reported,
most devices are affected
* SNMP injection attacks due to poor SNMP creds.
* memory overwrites - well it is possible to overwrite the admin
password while being in memory and therefore be able to login as admin
* stealing config files
* cross-file upload attacks - this is within the group of csrf attacks
* remote war-driving - way cool
$val='NEW_VALUE';
without first escaping single quotes in NEW_VALUE;
As an example, the SNMP community string configuration accepts the following value as an allowed source of SNMP requests:
"none'.`touch /etc/foo`.'"
It is possible to craft URL links that would inject the code with a simple HTTP GET request. Cross-site attacks may leverage this vulnerability to make an arbitrary change to the BIG-IP appliance.