Simple Network Management Protocol
It is possible to detect blocked interface queues with a Cisco IOS
Embedded Event Manager (EEM) policy. EEM provides event detection and
reaction capabilities on a Cisco IOS device. EEM can alert
administrators of blocked interfaces with email, a syslog message, or
a Simple Network Management Protocol (SNMP) trap.
A sample EEM policy that uses syslog to alert administrators of
blocked interfaces is available at Cisco Beyond, an online community
dedicated to EEM. A sample script is available at the following link:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01757418
Version: 3
HPSBMA02439 SSRT080082 rev.3 - HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-15
Last Updated: 2010-07-14
Dear lee.e.rian@census.gov,
Why do you think you can't do it with SNMP? Examples are setting the DNS
server option via DHCP (or DNS domain name for proxy server
autodiscovery protocol) or even configuring a VPN tunnel for all
traffic. I'm not sure about Tsunami, for Orinoco these settings are
read/write:
http://support.ipmonitor.com/mibs/ORINOCO-MIB/oids.aspx
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01757418
Version: 2
HPSBMA02439 SSRT080082 rev.2 - HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-15
Last Updated: 2010-06-22
Problem Description:
A vulnerability has been found and corrected in hplip:
A flaw was found in the way certain HPLIP tools discovered devices
using the SNMP protocol. If a user ran certain HPLIP tools that search
for supported devices using SNMP, and a malicious user is able to send
specially-crafted SNMP responses, it could cause those HPLIP tools
to crash or, possibly, execute arbitrary code with the privileges of
the user running them (CVE-2010-4267).
F5 FirePass 1200 SNMP daemon DoS
Product: F5 FirePass 1200
http://www.f5.com/products/firepass/
The F5 FirePass 1200 SSL VPN appliance contains a denial-of-service vulnerability in the SNMP daemon. Traversing (walking) OID branch hrSWInstalled in HOST-RESOURCES-MIB (OID 1.3.6.1.2.1.25.6) will cause the daemon to crash. No analysis has been done to determine if the vulnerability is further exploitable.
Cisco IOS Embedded Event Manager (EEM) provides event detection and
reaction capabilities on a Cisco IOS device. It is possible to detect
blocked interface queues with an EEM policy. EEM can alert
administrators of blocked interfaces with email, a syslog message, or
a Simple Network Management Protocol (SNMP) trap.
A sample EEM policy that uses syslog to alert administrators of
blocked interfaces is available at Cisco Beyond, an online community
dedicated to EEM. A sample script is available at the following link:
=======
Summary
=======
Name: Unauthenticated Stack Overflow in SNMPc
Release Date: 30 April 2008
Reference: NGS00526
Discover: Wade Alcorn <wade@ngssoftware.com> and John Heasman
<john@ngssoftware.com>
Vendor: Castle Rock Computing
Systems Affected: SNMPc versions 7.1 and earlier
vulnerable operation will be vulnerable on the source UDP ports of
the probe and a responder will be vulnerable on the destination UDP
port used for the probe.
IP SLA probes can be configured using Simple Network Management
Protocol (SNMP). In that case, by default, the "show running
configuration" command will not include the IP SLA probe
configuration. The "show ip sla configuration" command can be used to
verify whether a probe has been configured either by the command line
or via SNMP.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Net-SNMP: Denial of Service
Date: November 20, 2007
Bugs: #198346
ID: 200711-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(computer lab) and production environments during several penetration tests.
There are two types of attacks featured in this paper which we believe
might be potentially new:
- Persistent XSS via SNMP
- Remote wardriving over the Internet
Additionally, the paper is full of other goodies such as:
2008/06/09 #2008-006 multiple SNMP implementations HMAC authentication spoofing
Description:
Some SNMP implementations include incomplete HMAC authentication code that
allows spoofing of authenticated SNMPv3 packets.
The authentication code reads the length to be checked from sender input,
this allows the sender to supply single byte HMAC code and have a 1 in 256
~ pcre-3.9-10.4.i386.rpm
~ b. Updated net-snmp Service Console package addresses denial of service
~ net-snmp is an implementation of the Simple Network Management
~ Protocol (SNMP). SNMP is used by network management systems to
~ monitor hosts. By default ESX has this service enabled and its ports
~ open on the ESX firewall.
~ A flaw was discovered in the way net-snmp handled certain requests. A
~ remote attacker who can connect to the snmpd UDP port could send a
Cisco IOS is vulnerable to a software flaw whereby the length of the
hostname of the router is not checked before being copied into a fixed
size memory buffer. This results in IOS crashing if the hostname is too
long, but could potentially result in arbitrary code execution. However,
the attacker must be able to control the hostname of the router, which
could be achieved via SNMP.
Technical Details:
When the LPD daemon is configured in Cisco IOS it listens on the default
LPD TCP port, 515. If connected to with a source TCP port of anything
Apr 15, 2010
I. BACKGROUND
Agent Extensibility (AgentX) Protocol was designed to address
interoperability issues with extensible SNMP agents. AgentX++ is a C++
implementation of the AgentX protocol. It is one of several C++ based
SNMP libraries developed by Frank Fock. For more information refer to
the URLs below.
http://www.agentpp.com/
In general, a standard system update will make all the necessary changes.
Details follow:
Sebastian Krahmer discovered that HPLIP incorrectly handled certain long
SNMP responses. A remote attacker could send malicious SNMP replies to
certain HPLIP tools and cause them to crash or possibly execute arbitrary
code.
Updated packages for Ubuntu 8.04 LTS:
1 net-analyzer/wireshark < 0.99.8 >= 0.99.8
Description
===========
Multiple unspecified errors exist in the SCTP, SNMP, and TFTP
dissectors.
Impact
======
On 1/9/2009 11:52 AM, Simon Richter wrote:
> SNMP communities are a safety, not a security measure. I know of very few
> SNMP implementations that have protections against brute force or
> dictionary attacks.
srsly? Passwords don't have much in the way of brute-force or
dictionary attack protection, but I wouldn't put my password in my
out-of-office message.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: net-snmp: Authorization bypass
Date: January 13, 2010
Bugs: #250429
ID: 201001-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
identify and detect a hung, extended, or indefinite TCP connection
that is caused by this vulnerability. The policy allows administrators
to monitor TCP connections on a Cisco IOS device. When Cisco IOS EEM
detects potential exploitation of this vulnerability, the policy can
trigger a response by sending a syslog message or a Simple Network
Management Protocol (SNMP) trap to clear the TCP connection. The example
policy provided in this document is based on a Tcl script that monitors
and parses the output from two commands at defined intervals, produces a
syslog message when the monitor threshold reaches its configured value,
and can reset the TCP connection.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Net-SNMP: Denial of Service
Date: January 21, 2009
Bugs: #245306
ID: 200901-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with certain HP Photosmart printers. These vulnerabilities could be exploited remotely for cross site scripting (XSS) or to gain unauthorized access to data or printer configuration information.
References: CVE-2011-1531 (webscan), CVE-2011-1532 (SNMP), CVE-2011-1533 (XSS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Photosmart D110 series
HP Photosmart B110 series
visual way the status and performance of several parameters from
different operating systems, servers, applications and hardware systems
such as firewalls, proxies, databases, web servers or routers.
It can be deployed in almost any operating system. It features remote
monitoring (WMI, SNMP, TCP, UDP, ICMP, HTTP...) and it can also use
agents. An agent is available for each platform. It can also monitor
hardware systems with a TCP/IP stack, such as load balancers, routers,
network switches, printers or firewalls.
This software has several servers that process and get information from
$val='NEW_VALUE';
without first escaping single quotes in NEW_VALUE;
As an example, the SNMP community string configuration accepts the following value as an allowed source of SNMP requests:
"none'.`touch /etc/foo`.'"
It is possible to craft URL links that would inject the code with a simple HTTP GET request. Cross-site attacks may leverage this vulnerability to make an arbitrary change to the BIG-IP appliance.
===========================================================
Ubuntu Security Notice USN-946-1 June 02, 2010
net-snmp vulnerability
CVE-2008-6123
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
* call-jacking - like making your phone dial numbers or even survey
room's sound where the phone resides
* obfuscation/encryption deficiencies
* UPnP, DHCP and mDNS problems - although not officially reported,
most devices are affected
* SNMP injection attacks due to poor SNMP creds.
* memory overwrites - well it is possible to overwrite the admin
password while being in memory and therefore be able to login as admin
* stealing config files
* cross-file upload attacks - this is within the group of csrf attacks
* remote war-driving - way cool
--------------------
C] crash in MgWTrap3
--------------------
The SNMP Trap Service other than binding the local TCP port 8888 and
the UDP 162 for collecting SNMP queries, binds also an additional UDP
port which changes each time the service is executed (uses the first
free available port).
Sending a packet (empty or with any desired content since it's not
important) directly to this port raises an exception which terminates
* Detect new systems in network.
* Checks for availability or performance.
* Raise alerts when something goes wrong.
* Allow to get data inside systems with its own lite agents (for almost every Operating System).
* Allow to get data from outside, using only network probes. Including SNMP.
* Get SNMP Traps from generic network devices.
* Generate real time reports and graphics.
* SLA reporting.
* User defined graphical views.
* Store data for months, ready to be used on reporting.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02436028
Version: 1
HPSBGN02501 SSRT071407 rev.1 - HP ProCurve 1800 Switches running SNMP, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-08-04
Last Updated: 2010-08-04