Unchecked Buffer in SNMP Service
A security vulnerability exists in the Simple Network Management Protocol (SNMP) agent service that parses incoming commands. By sending a specially malformed request, it could be possible to conduct a buffer overrun attack against an affected system.
Issue
Simple Network Management Protocol (SNMP) is an Internet standard protocol for managing disparate network devices such as firewalls, computers, and routers. All versions of Windows except Windows ME provide an SNMP implementation, which is neither installed nor running by default in any version.
A buffer overrun is present in all implementations. By sending a specially malformed management request to a system running an affected version of the SNMP service, an attacker could cause a denial of service. In addition, it is possible that the attacker could cause code to run on the system in the LocalSystem context. This could potentially give the attacker the ability to take any desired action on the system.
Affected Products
- All versions of Windows except Windows ME
Solution
Patches are under development to eliminate the vulnerability. In the meantime, Microsoft recommends that customers who use the SNMP service disable it temporarily.
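One way to apply the temporary workaround above on a current Windows system and undo it once a patch is installed. This is an added example, not Microsoft's own procedure: it assumes the agent is registered under the service name SNMP, and the state-file path is a hypothetical choice.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable the SNMP agent service, saving its previous
# configuration so the change can be reverted after patching.
# Assumptions: service name 'SNMP'; $StateFile is a hypothetical location.
param(
    [ValidateSet('Disable', 'Restore')]
    [string]$Action = 'Disable',
    [string]$StateFile = "$env:ProgramData\snmp-prev-state.json"
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='SNMP'"
if (-not $svc) {
    # The advisory notes SNMP is not installed by default.
    Write-Output 'SNMP service is not installed; nothing to do.'
    return
}

if ($Action -eq 'Disable') {
    if ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') {
        Write-Output 'SNMP service is already stopped and disabled.'
        return
    }
    # Save the original settings once; a re-run must not overwrite them.
    if (-not (Test-Path -LiteralPath $StateFile)) {
        [pscustomobject]@{ StartMode = $svc.StartMode; State = $svc.State } |
            ConvertTo-Json | Set-Content -LiteralPath $StateFile
    }
    Stop-Service -Name SNMP -Force -ErrorAction Stop
    Set-Service -Name SNMP -StartupType Disabled
    Write-Output "SNMP stopped and disabled (was $($svc.StartMode), $($svc.State))."
}
else {
    if (-not (Test-Path -LiteralPath $StateFile)) {
        Write-Output 'No saved state found; leaving the service unchanged.'
        return
    }
    $prev = Get-Content -LiteralPath $StateFile -Raw | ConvertFrom-Json
    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $type = if ($prev.StartMode -eq 'Auto') { 'Automatic' } else { $prev.StartMode }
    Set-Service -Name SNMP -StartupType $type
    if ($prev.State -eq 'Running') { Start-Service -Name SNMP }
    Remove-Item -LiteralPath $StateFile
    Write-Output "SNMP restored to $type (previous state: $($prev.State))."
}
```

Run it with `-Action Restore` only after the patch for that system has been installed.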
Patches are now available for some versions of Windows at:
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: February 15, 2002


