SNMP pentest vulnerability detected in Policy Server
search cancel

SNMP pentest vulnerability detected in Policy Server

book

Article ID: 275077

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

 

Running Policy Server configured with SNMP stack, this one allows:

 1) The "SNMP 'GETBULK' Reflection DDoS";
 2) Default SNMP Community Strings;
 3) SNMP Agent Default Community Name;

 

Cause

  1. Title : SNMP 'GETBULK' Reflection DDoS

    At first glance, it's recommended to disable this service if it isn't in use with the Policy Server (1).
    More, according to the same page above, the vulnerability concerns the Agent software, which one is provided by the Operating System (OS) (2).
    So said, only the software net-snmp version 5.4.2.1 and below are affected. This problem is outside the Policy Server code.

  2. Title: Default SNMP Community Strings

    As per Nessus documentation, this one affects the snmp service configuration, and as such is out of SiteMinder scope (3).

  3. Title : SNMP Agent Default Community Name

    This one is also out of SiteMinder scope and concerns only the service and its OS (4).

Resolution


These vulnerabilities are outside the Policy Server code.

Work with your Vendor support and/or OS Administrator to mitigate them.

 

Additional Information


(1)

     SNMP 'GETBULK' Reflection DDoS
     

(2)

     CVE-2008-4309
     

(3)

     2.2.24 Ensure default SNMP community strings don't exist
     

(4)

     SNMP Agent Default Community Name (public)