SNMP community name is world readable by default

nt-snmp (21) The risk level is classified as Low Risk

Description:

The Simple Network Management Protocol (SNMP) reveals a large amount of information, including shares, usernames, and the status of running services. The only authentication available is knowledge of the SNMP community name. If the community name is readable by Everyone, an attacker could use it to gather information that should only be available to administrative users.


Consequences:

Obtain Information

Remedy:

Remove the SNMP Service if it is not required. If your systems require SNMP, take steps to secure the SNMP community names using the Registry Editor and the control panel.

To remove the SNMP Service:

  • For Windows NT:
    1. Open the Network control panel. (From the Start menu, select Settings, Control Panel, Network.)
    2. Click the Services tab, and then select the SNMP service.
    3. Click Remove, and then click OK to confirm the removal.
  • For Windows 2000:
    1. Open the Control Panel. (From the Start menu, select Settings, Control Panel.)
    2. Double-click Add/Remove Programs, and then double-click Add/Remove Windows Components in the left pane to open the Windows Components Wizard.
    3. Select Management and Monitoring tools, and then click Details.
    4. Clear the Simple Network Management Protocol checkbox, and then click OK to save the settings.

— OR —

Change the permissions on the ValidCommunities registry key, and configure SNMP security settings in the Control Panel.

To edit the registry so that only approved users can access the SNMP Community Name:

CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.

  1. Open Registry Editor. From the Windows Start menu, select Run, type regedt32, and click OK.
  2. Select the HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities registry key.
  3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
  4. Set the permissions to permit only approved users access.

— AND —

To configure Windows SNMP security settings in the control panel:

  1. Open the SNMP Service security settings, using the steps listed below, depending on your version of Windows.
  2. Verify that your configuration contains the following security settings:
    • At least one Accepted Community Name exists. Empty lists cause SNMP to accept requests from anyone. (This is discussed in Microsoft Knowledge Base Article Q99880. See References.)
    • The Accepted Community Names are not default or easily guessed names, such as public.
    • The Only Accept SNMP Packets from These Hosts option is selected, and one or more hosts, IP addresses, or IPX addresses are specified.
    • Each host and community name in the lists is a valid, authorized destination.

To access the SNMP service security settings:

  • For Windows NT:
    1. Open the Network control panel. (From the Start menu, select Settings, Control Panel, Network.)
    2. Click the Services tab, select the SNMP Service, and then click Properties.
    3. Click the Security tab.
  • For Windows 2000:
    1. Open the Control Panel. (From the Start menu, select Settings, Control Panel.)
    2. Select Administrative Tools, Services.
    3. Double-click the SNMP service, and then click the Security tab.
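
The registry permission and community name checks above can also be verified from a script. The following read-only PowerShell audit is an added example, not part of the original advisory or any ISS tooling. It assumes a Windows version with PowerShell and that each value name under ValidCommunities is one accepted community name; the `$WeakNames` and `$BroadSids` lists are illustrative choices.

```powershell
# Added example: read-only audit of the ValidCommunities key named in the advisory.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities'
# "public" is the advisory's example; "private" is an extra guessable name assumed here.
$WeakNames = @('public', 'private')
# Well-known SIDs for broad groups: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

function Test-SnmpCommunityKey {
    param([string]$Path = $KeyPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        return 'INFO: key not found; the SNMP service is probably not installed'
    }
    $findings = @()

    # Assumption: each value name under the key is one accepted community name.
    $names = @((Get-Item -LiteralPath $Path).GetValueNames() | Where-Object { $_ })
    if ($names.Count -eq 0) {
        $findings += 'FAIL: no accepted community names; requests are accepted from anyone'
    }
    foreach ($n in $names) {
        if ($WeakNames -contains $n.ToLower()) {
            $findings += "FAIL: default or easily guessed community name '$n'"
        }
    }

    # Resolve ACL entries to SIDs so the check does not depend on localized group names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $query   = [int][System.Security.AccessControl.RegistryRights]::QueryValues
    $rules   = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        $sid     = $r.IdentityReference.Value
        $canRead = ([int]$r.RegistryRights -band $query) -ne 0
        if ($r.AccessControlType -eq 'Allow' -and $canRead -and $BroadSids -contains $sid) {
            $findings += "FAIL: $sid is allowed to read the community names"
        }
    }

    if ($findings.Count -eq 0) { $findings += 'PASS: no issues found in ValidCommunities' }
    return $findings
}

Test-SnmpCommunityKey
```

The script does not cover the Only Accept SNMP Packets from These Hosts setting, which still has to be checked on the Security tab.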

References:

Platforms Affected:

  • Microsoft Windows 2000
  • Microsoft Windows 2003 Server
  • Microsoft Windows NT 4.0
  • Microsoft Windows XP

Reported:

Mar 01, 1997

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
