manunkind
December 7, 2000, 02:28 am
Microsoft Security Bulletin (MS00-096)
Tool Available for “SNMP Parameters” Vulnerability
Originally posted: December 06, 2000
Summary
Microsoft has released a tool that corrects the permissions on several registry values in Microsoft® Windows® 2000. The default permissions could allow a malicious user to monitor or reconfigure certain devices on a network.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-096.asp
Issue
This vulnerability is virtually identical to the “SNMP Parameters” vulnerability affecting Windows NT® 4.0 systems and discussed in Microsoft Security Bulletin MS00-095. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SNMP\Parameters provides the SNMP community name and SNMP management station identifiers, if they exist. Reading this information would enable a malicious user to pose as a bona fide SNMP manager for any community her machine belonged to. Changing this information would enable her to create a community consisting solely of her local machine, as a way of gaining management privileges on it.
It should be noted that the information revealed by this vulnerability is normally transmitted in plaintext across SNMP-managed networks. As a result, even in the absence of incorrect registry permissions, a malicious user could carry out the same attack if she could monitor network communications. SNMP is not installed on Windows 2000 machines by default.
Affected Software Versions
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Patch Availability http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24500
Note: The Security Configuration and Analysis template provided in the patch can be applied to any Windows 2000 system.
Note Additional security patches are available at the Microsoft Download Center
------------------
Moderator at Help from Techs Support Forums (http://www.helpfromtechs.com)
Tool Available for “SNMP Parameters” Vulnerability
Originally posted: December 06, 2000
Summary
Microsoft has released a tool that corrects the permissions on several registry values in Microsoft® Windows® 2000. The default permissions could allow a malicious user to monitor or reconfigure certain devices on a network.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-096.asp
Issue
This vulnerability is virtually identical to the “SNMP Parameters” vulnerability affecting Windows NT® 4.0 systems and discussed in Microsoft Security Bulletin MS00-095. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SNMP\Parameters provides the SNMP community name and SNMP management station identifiers, if they exist. Reading this information would enable a malicious user to pose as a bona fide SNMP manager for any community her machine belonged to. Changing this information would enable her to create a community consisting solely of her local machine, as a way of gaining management privileges on it.
It should be noted that the information revealed by this vulnerability is normally transmitted in plaintext across SNMP-managed networks. As a result, even in the absence of incorrect registry permissions, a malicious user could carry out the same attack if she could monitor network communications. SNMP is not installed on Windows 2000 machines by default.
Affected Software Versions
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Patch Availability http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24500
Note: The Security Configuration and Analysis template provided in the patch can be applied to any Windows 2000 system.
Note Additional security patches are available at the Microsoft Download Center
------------------
Moderator at Help from Techs Support Forums (http://www.helpfromtechs.com)