セキュリティホール情報<2002/02/15>
<プラットフォーム共通>
▼ SNMP
SNMP に 複数のセキュリティホール
http://sid.softek.co.jp/loPrint.html?vg=1&htmlid=1022
脆弱性と脅威
セキュリティホール・脆弱性
▼ SNMP
SNMP に 複数のセキュリティホール
http://sid.softek.co.jp/loPrint.html?vg=1&htmlid=1022
SNMP は実装上の原因により、バッファオーバーフローやフォーマットストリングバグなどが存在します。攻撃者にこの弱点を利用された場合、リモートから root 権限を奪取されたり、任意のコードを実行されたり DoS攻撃を受ける可能性があります。
□ 関連情報:
CERT Coordination Center (CERT/CC)
CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
http://www.cert.org/advisories/CA-2002-03.html
Multiple vulnerabilities in SNMPv1 request handling
http://www.kb.cert.org/vuls/id/854306
Multiple vulnerabilities in SNMPv1 trap handling
http://www.kb.cert.org/vuls/id/107186
CIAC (Computer Incident Advisory Capability)
M-042: Multiple Vulnerabilities in Multiple Implementations of SNMP
http://www.ciac.org/ciac/bulletins/m-042.shtml
The NET-SNMP Project Home Page
http://www.net-snmp.org/
IPA
広範囲に該当する SNMP の脆弱性について
http://www.ipa.go.jp/security/ciadr/20020213snmp.html
IPA
IPA、ネットワーク管理プロトコルSNMPの実装に複数の脆弱性
(CA-2002-03,CIAC M-042)掲載
http://www.ipa.go.jp/security/index.html
Cisco Security Advisory
Malformed SNMP Message-Handling Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml
Cisco Security Advisory
Malformed SNMP Message-Handling Vulnerabilities Cisco Non-IOS Products
http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml
FreeBSD Security Advisories
FreeBSD-SA-02:11 ucd-snmp/net-snmp remotely exploitable vulnerabilities
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/933
Microsoft TechNet
MS02-006 Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-006.asp
Sun Microsystems, Inc. Security Bulletin
#00215 snmpdx
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/215&type=0&nav=sec.sba
Red Hat Linux Errata Advisory
RHSA-2001:163-20 Updated ucd-snmp packages available
http://www.redhat.com/support/errata/RHSA-2001-163.html
Common Vulnerabilities and Exposures (CVE)
CAN-2002-0012
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012
Common Vulnerabilities and Exposures (CVE)
CAN-2002-0013
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
CERT/CC Vulnerability Note
VU#107186 Multiple vulnerabilities in SNMPv1 trap handling
http://www.kb.cert.org/vuls/id/107186
CERT/CC Vulnerability Note
VU#107186 Multiple vulnerabilities in SNMPv1 request handling
http://www.kb.cert.org/vuls/id/854306
Internet Security Systems Security Alert
PROTOS Remote SNMP Attack Tool
http://www.iss.net/security_center/alerts/advise110.php
SecurityFocus
Open UNIX, UnixWare 7: snmpd memory fault vulnerabilities
http://www.securityfocus.com/advisories/3865
LinuxSecurity
FreeBSD: 'snmp' Multiple remote vulnerabilities
http://www.linuxsecurity.com/advisories/freebsd_advisory-1890.html
LinuxSecurity
Updated ucd-snmp packages available
http://www.linuxsecurity.com/advisories/redhat_advisory-1891.html
Debian GNU/Linux ─ Security Information 2002/02/14 追加
DSA-111-1 ucd-snmp: remote exploit
http://www.debian.org/security/2002/dsa-111
LinuxSecurity
Multiple remote ucd-snmp vulnerabilities
http://www.linuxsecurity.com/advisories/other_advisory-1895.html
LinuxSecurity
YDL: 'ucd-snmp' Multiple remote vulnerabilities
http://www.linuxsecurity.com/advisories/other_advisory-1894.html
<Microsoft>
▽ Internet Explorer
Internet Explorerで、
《ScanNetSecurity》