Security Incidents: Re: SNMP vulnerability test?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: SNMP vulnerability test?

From: Valdis.Kletnieks () vt edu
Date: Wed, 13 Feb 2002 12:55:13 -0500

On Wed, 13 Feb 2002 00:34:00 GMT, Eric Brandwine said:

What're they printing from?  I'd check that first.  The number of
win98/nt/2k hosts listening on SNMP is terrifying.


How did it get turned on?  Microsoft said in the CERT advisory:

     Summary:
     All  Microsoft  implementations  of  SNMP  v1  are  affected by the
     vulnerability.  The  SNMP v1 service is not installed or running by
     default on any version of Windows. A patch is underway to eliminate
     the  vulnerability.  In  the  meantime,  we recommend that affected
     customers disable the SNMP v1 service.

Is this like the "W2K doesn't install IIS, but if you upgraded a machine
that had Personal Webpage (or whatever it was) it will upgrade that to IIS"?


-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: new SNMP vuln?, (continued)
- Re: new SNMP vuln? H C (Feb 07)
  - Re: new SNMP vuln? jason (Feb 12)
    - Re: new SNMP vuln? Arthur Donkers (Feb 12)
    - SNMP vulnerability test? Davis Ray Sickmon, Jr (Feb 12)
    - Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
    - Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
    - Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
    - Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
    - Re: SNMP vulnerability test? Chris Ess (Feb 13)
- RE: new SNMP vuln? Rob Keown (Feb 12)
  - Re: new SNMP vuln? Patrick Oonk (Feb 12)