SNMP community long - Internet Security Systems

advICE : Intrusions : 2002018

Summary

A buffer overflow attack may have been attempted against the SNMP service.

Details

Password-style authentication for SNMP is provided via the "community string". It is called a "community" because the password can be used by more than one person. In other words, it authenticates a community of people rather than a single person.

Normally, community strings are short words. However, some systems contain a buffer-overflow bug that can be exploited when a very long community string is received.

Trigger

This alert triggers when a community string longer than 256 characters has been seen.
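
One way to implement this trigger, shown as an added example (not ISS's own detection code): it decodes the BER header of an SNMPv1/v2c message and reports the `len` and `community` values. The function names, the `ALERT_LEN` constant and the sample messages are constructed for illustration; the 256 threshold comes from the text above.

```python
# Added example: flag SNMPv1/v2c messages whose community string exceeds 256 bytes.
ALERT_LEN = 256  # threshold taken from the Trigger description

def ber(tag, payload):
    """Encode one BER TLV (used only to build the constructed samples)."""
    n = len(payload)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + payload

def read_header(buf, off):
    """Return (tag, declared_length, value_offset) for the TLV at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short form: length in one octet
        return tag, first, off + 2
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("bad BER length")
    return tag, int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n

def check_community(datagram, limit=ALERT_LEN):
    """Parse the message header and report len/community as in the alert."""
    tag, _, off = read_header(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, vlen, off = read_header(datagram, off)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(datagram[off:off + vlen], "big")
    if version not in (0, 1):             # 0 = SNMPv1, 1 = SNMPv2c
        return None                       # SNMPv3 carries no community string
    tag, clen, off = read_header(datagram, off + vlen)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    community = datagram[off:off + clen].decode("latin-1")
    # Compare the declared length, so a truncated capture is still flagged.
    return {"len": clen, "community": community, "alert": clen > limit}

def sample(community, version=0):
    """Constructed GetRequest for sysDescr.0 with the given community."""
    varbind = ber(0x30, ber(0x06, bytes.fromhex("2b06010201010100")) + ber(0x05, b""))
    pdu = ber(0xA0, ber(0x02, b"\x01") + ber(0x02, b"\x00") * 2 + ber(0x30, varbind))
    return ber(0x30, ber(0x02, bytes([version])) + ber(0x04, community) + pdu)

if __name__ == "__main__":
    for c in (b"public", b"public@slot1", b"A" * 300):
        print({k: str(v)[:16] for k, v in check_community(sample(c)).items()})
```
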

False Positives

In order to get around SNMP limitations, the community string has been "overloaded" with extra functionality. For example, when SNMP is "proxied" to non-TCP/IP systems, the community string may specify one of the sub-targets on the system. For example, "public@slot1" and "public@slot2" might be proxied to two independent agents at that IP address. As a result, community strings may get abnormally long.

More information

advICE: SNMP
This is the section for more information on SNMP.
BugtraqID: 1882 Microsoft Network Monitor Multiple Buffer Overflow Vulnerabilities

Parametric information

len: Length of the community string
community: SNMP community

 
Version appeared: 2.5 
