| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> [sans@sans.org: SANS FLASH ALERT: Widespread SNMP Vulnerability]
Oracle does not seem to be listed, but you got to wonder what code they based their snmp stuff on. You may want to nudge you sysadmin in the ribs, also.
Date: Tue, 12 Feb 2002 12:30:06 -0700 (MST) To: Ray Stell <stellr_at_vt.edu>(SD569668)
SANS FLASH ALERT: Widespread SNMP Vulnerability 1:30 PM EST 12 February, 2002
To: Ray Stell (SD569668)
Note: This is preliminary data! If you have additional information, please send it to us at snmp_at_sans.org
In a few minutes wire services and other news sources will begin breaking a story about widespread vulnerabilities in SNMP (Simple Network Management Protocol). Exploits of the vulnerability cause systems to fail or to be taken over. The vulnerability can be found in more than a hundred manufacturers' systems and is very widespread - millions of routers and other systems are involved.
As one of the SANS alumni, your leadership is needed in making sure that all systems for which you have any responsibility are protected. To do that, first ensure that SNMP is turned off. If you absolutely must run SNMP, get the patch from your hardware or software vendor. They are all working on patches right now. It also makes sense for you to filter traffic destined for SNMP ports (assuming the system doing the filtering is patched).
To block SNMP access, block traffic to ports 161 and 162 for tcp and udp. In addition, if you are using Cisco, block udp for port 1993.
The problems were caused by programming errors that have been in the SNMP implementations for a long time, but only recently discovered.
CERT/CC is taking the lead on the process of getting the vendors to get their patches out. Additional information is posted at http://www.cert.org/advisories/CA-2002-03.html
A final note.
Turning off SNMP was one of the strong recommendations in the Top 20 Internet Security Threats that the FBI's NIPC and SANS and the Federal CIO Council issued on October 1, 2001. If you didn't take that action then, now might be a good time to correct the rest of the top 20 as well as the SNMP problem. The Top 20 document is posted at http://www.sans.org/top20.htm
--
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists --------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Tue Feb 12 2002 - 14:08:05 CST
 |
 |