SNMP_Get able to retrieve Public Community Name

snmp-get-public (1240) The risk level is classified as Low Risk

Description:

The default SNMP community name, public, is configured, so anyone who uses this default value receives responses to queries sent to the system. An attacker can use SNMP to obtain valuable information about the system, such as information on network devices and current open connections.


Consequences:

Obtain Information

Remedy:

Disable or remove the SNMP Service if it is not required. If your systems require SNMP, take steps to secure the SNMP community names.

To disable or remove the SNMP Service:

For Windows NT:

  1. Open the Network control panel. (From the Start menu, select Settings, Control Panel, Network.)
  2. Click the Services tab, and then select the SNMP service.
  3. Click Remove, and then click OK to confirm the removal.

For Windows 2000:

  1. Open the Control Panel. (From the Start menu, select Settings, Control Panel.)
  2. Double-click Add/Remove Programs, and then double-click Add/Remove Windows Components in the left pane to open the Windows Components Wizard.
  3. Select Management and Monitoring tools, and then click Details.
  4. Clear the Simple Network Management Protocol checkbox, and then click OK to save the settings.

For Unix:

Disable SNMP as appropriate for your operating system. If SNMP is started from the rc script, comment it out. As an example, to disable SNMP under Solaris 2.6, execute the following commands:

  # /etc/init.d/init.snmpdx stop
  # mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx

— OR —

If SNMP is required on your system, secure the SNMP community names. For Unix systems, refer to your SNMP documentation for information on securing SNMP community names. For Windows systems, secure SNMP community names using the Registry Editor and the control panel.

To edit the registry so that only approved users can access the SNMP Community Name:

CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.

  1. Open Registry Editor. From the Windows Start menu, select Run, type regedt32, and click OK.
  2. Select the HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities registry key.
  3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
  4. Set the permissions to permit only approved users access.

— AND —

To configure Windows SNMP security settings in the control panel:

  1. Open the SNMP Service security settings, using the steps listed below, depending on your version of Windows.
  2. Verify that your configuration contains the following security settings:
    • At least one Accepted Community Name exists. Empty lists cause SNMP to accept requests from anyone. (This is discussed in Microsoft Knowledge Base Article Q99880. See References.)
    • The Accepted Community Names are not default or easily guessed names, such as public.
    • The Only Accept SNMP Packets from These Hosts option is selected, and one or more hosts, IP addresses, or IPX addresses are specified.
    • Each host and community name in the lists is a valid, authorized destination.

To access the SNMP service security settings:

  • For Windows NT:
    1. Open the Network control panel. (From the Start menu, select Settings, Control Panel, Network.)
    2. Click the Services tab, select the SNMP Service, and then click Properties.
    3. Click the Security tab.
  • For Windows 2000:
    1. Open the Control Panel. (From the Start menu, select Settings, Control Panel.)
    2. Select Administrative Tools, Services.
    3. Double-click the SNMP service, and then click the Security tab.
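
The registry-permission and security-settings checks above can also be run as a read-only audit. The script below is an added example, not part of the original advisory, and assumes a Windows version with PowerShell. It also assumes the host list is stored in the PermittedManagers key beside ValidCommunities; the weak-name and principal lists are illustrative.

```powershell
# Added example: read-only audit of the SNMP settings described above.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
# Assumption: names treated as default or easily guessed; extend for your site.
$weakNames = @('public', 'private')
# Assumption: principals that should have no access to the community names.
$broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Return a key's named values as a hashtable (empty if the key is missing).
function Get-RegistryValueMap {
    param([string]$Path)
    $map = @{}
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -ne $key) {
        foreach ($name in $key.GetValueNames()) {
            if ($name -ne '') { $map[$name] = $key.GetValue($name) }
        }
    }
    return $map
}

function Test-SnmpSecuritySettings {
    if (-not (Test-Path -LiteralPath $base)) { return 'SNMP service is not installed.' }
    $findings = @()
    # Value names under ValidCommunities are the Accepted Community Names.
    $communities = Get-RegistryValueMap "$base\ValidCommunities"
    if ($communities.Count -eq 0) {
        $findings += 'No Accepted Community Names: requests are accepted from anyone.'
    }
    foreach ($name in $communities.Keys) {
        if ($weakNames -contains $name) {   # -contains ignores case
            $findings += "Default or easily guessed community name: '$name'."
        }
    }
    # An empty host list means packets are accepted from any host.
    $managers = Get-RegistryValueMap "$base\PermittedManagers"
    if ($managers.Count -eq 0) {
        $findings += 'No permitted hosts listed: packets are accepted from any host.'
    } else {
        $findings += "Review permitted hosts: $(@($managers.Values) -join ', ')."
    }
    # Flag broad principals in the ACL of the community-name key.
    $acl = Get-Acl -LiteralPath "$base\ValidCommunities" -ErrorAction SilentlyContinue
    foreach ($rule in @($acl.Access)) {
        $who = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $broadPrincipals -contains $who) {
            $findings += "ValidCommunities ACL grants $($rule.RegistryRights) to $who."
        }
    }
    return $findings
}
Test-SnmpSecuritySettings
```

Run it from an elevated prompt so that the key and its ACL can be read.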

SNMP is a service that may be found on any network-connected device, including hosts, printers, routers, switches, firewalls, access points, etc. We provide specific remedy information for a number of common cases. If your device is not covered by our remedy information, you will need to check the specific documentation for the device or contact your vendor for more information.

References:

Platforms Affected:

  • Apple Mac OS
  • Cisco IOS
  • Compaq Tru64
  • Data General DG/UX
  • IBM AIX
  • IBM OS2
  • IETF SNMP
  • Linux Kernel
  • Microsoft Windows 2000
  • Microsoft Windows 2003 Server
  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows 98SE
  • Microsoft Windows Me
  • Microsoft Windows NT 4.0
  • Microsoft Windows XP
  • Novell NetWare
  • SCO SCO Unix
  • SGI IRIX
  • Sun Solaris
  • WindRiver BSDOS
  • HP-UX

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
