
SNMP vulnerabilities

 
Fenglin
Regular Advisor

SNMP vulnerabilities

I have received the following vulnerabilities

1) SNMPv1Discovery: SNMP version 1 detected
2) SNMPv2Discovery: SNMP version 2 detected

Details are as follows
SNMP (Simple Network Management Protocol) is the primary standard for Internet network management. SNMP services are included
in almost every operating system, router, switch, cable or DSL modem, and firewall. Various implementations of SNMPv1 are vulnerable
to a wide range of attacks. Incorrectly formatted input in SNMP messages can crash the operating systems and devices that use SNMP.
These vulnerabilities may be possible to exploit remotely, allowing an attacker to compromise remote systems and devices. SNMP
packets containing invalid fields or data lengths can indicate an attack against SNMP.

What are the solutions available? I got referred to CERT Advisory CA-2002-03 but am not sure what needs to be done.

Thanks a lot.
TTr
Honored Contributor

Re: SNMP vulnerabilities

I assume this is in your HP network printers with jetdirect printservers. If you look in the CERT advisory under the vendor section you will see the following
JetDirect Firmware Version    State
==========================    =====
X.08.32 and lower             VULNERABLE
(where X = A through K)
X.21.00 and higher            NOT vulnerable
(where X = L through P)

You can upgrade the firmware on your printservers to version L.21.00 or higher.

If you don't use the SNMP service, you can disable it. Connect to the jetdirect printserver via telnet or a web browser and disable it. Note that not all jetdirect models allow you to disable it.
Fenglin
Regular Advisor

Re: SNMP vulnerabilities

Hi

It has nothing to do with network printers. Our environments host websites. So we are mainly concerned with people who can hack into our systems. The vulnerabilities indicated are what need to be resolved.

For your necessary advice.

Regards
Feng Lin
TTr
Honored Contributor

Re: SNMP vulnerabilities

You posted your question in the "printservers" forum without any details.

So do you have SNMP running anywhere? SNMP could be running on any network device such as a server, a network printer, a network switch, a fiber switch, a disk array etc. You need to find out if you have it running and upgrade it as per the CERT alert and each vendor's recommendation. If you do not use the snmp service to get status information on each device you should turn it off.
Fenglin
Regular Advisor

Re: SNMP vulnerabilities

Sorry..

SNMP version 2 is installed on the HP-UX servers and we have received the vulnerabilities indicated in my first post.

Does this mean I need to upgrade to version 3? Are there other alternatives? Will any patches solve this issue in SNMP version 2? We need snmp for monitoring purposes.

Regards
Feng Lin
TTr
Honored Contributor

Re: SNMP vulnerabilities

What HP-UX version do you have? There are patches available, and they are mentioned in the advisory under the "Hewlett Packard" section.
http://www.cert.org/advisories/CA-2002-03.html

SOLUTION: Apply patches or implement workarounds. See below.
For HP-UX releases:
PHSS_26137 s700_800 HP-UX 10.20 OV EMANATE14.2 Agent
PHSS_26138 s700_800 HP-UX 11.X OV EMANATE14.2 Agent
PSOV_03087 Solaris 2.X EMANATE Release 14.2
For systems running OV NNM:
PHSS_26286 s700_800 HP-UX 10.20 ovtrapd large trap fix
PHSS_26287 s700_800 HP-UX 11.X ovtrapd large trap fix
PSOV_03100 Solaris 2.X ovtrapd large trap fix
NNM_00857 NT 4.X/Windows 2000 ovtrapd large trap fix
Dennis Handly
Acclaimed Contributor

Re: SNMP vulnerabilities

I have asked the moderators to move this to HP-UX > security.
Bill Hassell
Honored Contributor

Re: SNMP vulnerabilities

Do you actually use SNMP on these systems? If not, just turn off all the SNMP settings in the files: /etc/rc.config.d/Snmp*


Bill Hassell, sysadmin
Fenglin
Regular Advisor

Re: SNMP vulnerabilities

Hi

Does patch PHSS_26138 solve the following vulnerabilities?

1) snmp: SNMP can reveal possibly sensitive information about hosts
2) Snmp Get Public Community: SNMP_Get able to retrieve Public Community Name
3) SnmpSysdescr: SNMP SysDescr variable can be returned from remote system

If not, what are the patches that solve the above errors?

FYI, my HP-UX servers are B.11.23.

Thanks a lot.
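
The scanner findings quoted in this thread (SNMP version 1 or 2 detected, the "public" community name readable, invalid data lengths) can all be checked on captured traffic. The following is an added example, not part of any post here and not vendor code: it parses the outer framing of one SNMP datagram and reports version, community and length errors. All names and the sample packet are constructed for illustration.

```python
# Added example, not from the thread; names and sample data are illustrative.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}       # value of the version INTEGER
DEFAULT_COMMUNITIES = {b"public", b"private"}  # well-known default strings

# Constructed sample: SNMPv1 GetRequest for sysDescr.0, community "public".
SAMPLE = bytes.fromhex("302602010004067075626c6963a019020101020100"
                       "020100300e300c06082b060102010101000500")

class MalformedSNMP(ValueError):
    """A BER tag or length field is inconsistent with the datagram."""

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise MalformedSNMP("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                  # short form: the byte is the length
        length = first
    else:                             # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise MalformedSNMP("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):       # never trust the declared length
        raise MalformedSNMP("length field exceeds packet size")
    return tag, buf[pos:pos + length], pos + length

def classify(packet):
    """Return (version, community, finding) for one UDP/161 payload."""
    try:
        tag, body, end = read_tlv(packet, 0)
        if tag != 0x30 or end != len(packet):
            raise MalformedSNMP("outer SEQUENCE does not match datagram")
        tag, ver, pos = read_tlv(body, 0)
        if tag != 0x02 or len(ver) != 1:
            raise MalformedSNMP("version is not a 1-byte INTEGER")
        version = VERSIONS.get(ver[0], "unknown")
        if version not in ("v1", "v2c"):
            return version, None, "no community string"
        tag, community, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise MalformedSNMP("community is not an OCTET STRING")
    except MalformedSNMP as exc:
        return None, None, f"malformed: {exc}"
    weak = community in DEFAULT_COMMUNITIES
    return version, community.decode("latin-1"), (
        "default community" if weak else "cleartext community")
```

Calling `classify(SAMPLE)` returns `("v1", "public", "default community")`; a datagram whose declared length runs past its end is reported as malformed instead of being parsed further.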
Dennis Handly
Acclaimed Contributor

Re: SNMP vulnerabilities

>Does patch PHSS_26138 solve the following vulnerabilities?

It isn't for 11.23.

>what are the patches that solve the above errors?

Have you looked up CA-2002-03 to see what patches it suggests for HP-UX?