Enterasys Networks Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
- Vendor Information Help Date Notified: 10 Jan 2002
- Statement Date:
- Date Updated: 13 Feb 2002
Unknown. If you are the vendor named above, please contact us to update your status.
On 12-February-2002, CERT (http://www.cert.org) announced serious vulnerabilities in the SNMP implementations of virtually every networking vendor’s equipment. These vulnerabilities were discovered by a Finnish research group known as OUSPG, associated with Oulu University, and are documented in advisory CA-2002-03.
These vulnerabilities exist in all versions of SNMP (v1/v2c/v3) and can be used to cause SNMP implementations to behave in an unpredictable manner, resulting in denials of service or system failures.
Given the serious nature of these vulnerabilities, Enterasys is testing our product line to determine which products are affected. Patches for affected products will be made available to our customers. Please check the Enterasys Support web site periodically for further details and patch information.
Until these patches become available, Enterasys recommends that the following steps be taken to help reduce exposure to these vulnerabilities.
- Disable SNMP from interfaces through which SNMP commands should not be received, such as those providing connection from the Internet or Extranets
- Use Access Control Lists at the access edge to prevent SNMP traffic from unauthorized internal hosts from entering the network.
- Use management VLANs or out-of-band management to contain SNMP traffic and multicasts. These do not prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.
- Enable 802.1X port-locking and RADIUS to prevent unauthenticated users from attaching to the network.
- Use NetSight Policy Manager to automatically restrict the use of SNMP to authenticated, SNMP-authorized personnel.
- Update Dragon IDS signatures to help identify when these attacks are being used.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.