多家厂商SNMP实现中SNMPv1请求处理存在多个安全漏洞

漏洞信息详情

多家厂商SNMP实现中SNMPv1请求处理存在多个安全漏洞

• CNNVD编号：CNNVD-200205-001
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1570
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  2002-02-12
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  caldera
• 漏洞来源：
  Oulu University Se…

SNMP请求是管理系统给代理系统发送的消息，它们通常询问代理系统当前性能和配置信息，请求Management Information Base (MIB)的下一个SNMP对象，或者修改代理的配置。
许多SNMP的实现被发现了多个漏洞。这些漏洞发生在SNMP信息的解码和解释的处理上。
PROTOS小组开发的c06-SNMPv1测试工具已经发现众多厂商的SNMP实现中对SNMP请求的处理中存在大量的安全问题，攻击者可能通过GetRequest、GetNextRequest、SetRequest命令来使远程SNMP服务器崩溃甚至以SNMP服务器运行权限执行任意代码。各种受影响产品各自的影响程度各不一致。

临时解决方法：
如果您不能立刻安装补丁或者升级，CNNVD建议您采取以下措施以降低威胁：

* 暂时关闭SNMP服务。如果您不需要SNMP服务，您应该立刻关闭它。

* 在边界路由器或者防火墙上限制对受保护网络的SNMP服务端口的访问。

通常需要限制的端口是：

snmp 161/udp # Simple Network Management Protocol (SNMP)

snmp 162/udp # SNMP system management messages

在某些受影响产品中，下列服务也需要进行限制：

snmp 161/tcp # Simple Network Management Protocol (SNMP)

snmp 162/tcp # SNMP system management messages

smux 199/tcp # SNMP Unix Multiplexer

smux 199/udp # SNMP Unix Multiplexer

synoptics-relay 391/tcp # SynOptics SNMP Relay Port

synoptics-relay 391/udp # SynOptics SNMP Relay Port

agentx 705/tcp # AgentX

snmp-tcp-port 1993/tcp # cisco SNMP TCP port

snmp-tcp-port 1993/udp # cisco SNMP TCP port

另外，某些和SNMP相关的RPC服务也可能需要限制：

snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk

snmpv2 100138 na.snmpv2 # SNM Version 2.2.2

snmpXdmid 100249

* 禁止来自未经授权的内部主机的SNMP访问。

由于通常只有少数管理主机需要进行SNMP访问，您可以在SNMP Agent主机上进行访问控制，禁止来自未经授权的内部主机的SNMP访问请求。

* 改变缺省SNMP口令。

改变缺省的只读和可写口令，例如”public”、”private”，可以防止部分的攻击。但是仍然有一些攻击甚至无需有效的口令。
厂商补丁：
3Com
—-
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

3com PS Hub 40 :

3com Upgrade psh02_16.exe

ftp://ftp.3com.com/pub/superstack-ii/superstack-ii-ps-hub-40/psh02_16.exe

3com PS Hub 50 :

3com Upgrade psf02_16.exe

ftp://ftp.3com.com/pub/superstack-ii/superstack-ii-ps-hub-50/psf02_16.exe

3com Dual Speed Hub :

3com Upgrade dsh02_16.exe

ftp://ftp.3com.com/pub/superstack-ii/superstack-ii-hub-500/dsh02_16.exe

3com Switch 1100 :

3com Upgrade s2s02_68.exe

ftp://ftp.3com.com/pub/superstack-ii/superstack-ii-1100/s2s02_68.exe

3com Switch 4400 :

3com Upgrade s3m02_02.exe

ftp://ftp.3com.com/pub/superstack_3/switch_4400/s3m02_02.exe

3com Switch 4900 :

3com Upgrade s3g02_04.exe

http://www.3com.com/en_US/layer3/register.html” target=”_blank”>
http://www.3com.com/en_US/layer3/register.html

3com Switch 3300 :

3com Upgrade s2s02_68.exe

ftp://ftp.3com.com/pub/superstack-ii/superstack-ii-1100/s2s02_68.exe

3com WebCache 1000 :

3com Upgrade s3b_02_00.bin

ftp://ftp.3com.com/pub/webcache/agents/s3b_02_00.bin

3com WebCache 3000 :

3com Upgrade s3b_02_00.bin

ftp://ftp.3com.com/pub/webcache/agents/s3b_02_00.bin
Caldera
——-
Caldera已经为此发布了一个安全公告(CSSA-2002-SCO.4)以及相应补丁:

CSSA-2002-SCO.4：Open UNIX, UnixWare 7: snmpd memory fault

链接：ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.4

补丁下载：

Caldera UnixWare 7:

Caldera OpenServer 5.0:

Caldera UnixWare 7.1.0:

Caldera Patch erg711937c.Z

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.4/erg711937c.Z

Caldera UnixWare 7.1.1:

Caldera Patch erg711937b.Z

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.4/erg711937b.Z

Caldera OpenUnix 8.0:

Caldera Patch erg711937.Z

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.4/erg711937.Z
Cisco
—–
Cisco已经为此发布了一个安全公告(Cisco-malformed-snmp-msgs-pub)以及相应补丁:

Cisco-malformed-snmp-msgs-pub：Malformed SNMP Message-Handling Vulnerabilities

链接：http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml” target=”_blank”>
http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml
Debian
——
Debian已经为此发布了一个安全公告(DSA-111-1)以及相应补丁:

DSA-111-1：Multiple SNMP vulnerabilities

链接：http://www.debian.org/security/2002/dsa-111” target=”_blank”>
http://www.debian.org/security/2002/dsa-111

补丁下载：

Debian Upgrade libsnmp4.1-dev_4.1.1-2.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1-dev_4.1.1-2.1_alpha.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1-dev_4.1.1-2.1_alpha.deb

Debian Upgrade libsnmp4.1_4.1.1-2.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1_4.1.1-2.1_alpha.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1_4.1.1-2.1_alpha.deb

Debian Upgrade snmp_4.1.1-2.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/snmp_4.1.1-2.1_alpha.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-alpha/snmp_4.1.1-2.1_alpha.deb

Debian Upgrade snmpd_4.1.1-2.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/snmpd_4.1.1-2.1_alpha.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-alpha/snmpd_4.1.1-2.1_alpha.deb

Debian Upgrade libsnmp4.1-dev_4.1.1-2.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1-dev_4.1.1-2.1_arm.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1-dev_4.1.1-2.1_arm.deb

Debian Upgrade libsnmp4.1_4.1.1-2.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1_4.1.1-2.1_arm.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1_4.1.1-2.1_arm.deb

Debian Upgrade snmp_4.1.1-2.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/snmp_4.1.1-2.1_arm.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-arm/snmp_4.1.1-2.1_arm.deb

Debian Upgrade snmpd_4.1.1-2.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/snmpd_4.1.1-2.1_arm.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-arm/snmpd_4.1.1-2.1_arm.deb

Debian Upgrade libsnmp4.1-dev_4.1.1-2.1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.1_i386.deb” target=”_blank”>
http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.1_i386.deb

Debian Upgrade libsnmp4.1_4.1.1-2.1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1_4.1.1-2.1_i386.deb” ta=”” <=”” p=””>