February 12, 2002 - Today CERT released a security alert that affects many different systems including Cisco routers, Microsoft products, Sun Solaris, Red Hat Linux and Juniper products, among others. This vulnerability can lead to a denial of service, service outage, or may allow an intruder to penetrate into your systems. Any of the vulnerable systems that are running SNMP need action taken immediately. These vulnerabilities have existed in SNMP for some time but were only recently discovered. Tools are known to exist in the wild to exploit these SNMP holes.
To protect your systems we recommend you stop all SNMP traffic from entering your network. Hackers use SNMP to gain information about your networks regularly, however, this exploit can allow hackers to gain access into your systems. These ports should be blocked:
- 161 TCP
- 161 UDP
- 162 TCP
- 162 UDP
- 1993 UDP
If you must run SNMP, we recommend that you apply the vendor-released patch as soon as possible. These patches are currently being developed.
For more information please visit http://www.cert.org/advisories/CA-2002-03.shtml or email questions to info@webfargo.com.