Bugtraq mailing list archives

Microsoft Windows NT & 2000 SNMP Registry Key Modification Vulnerability


From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Thu, 7 Dec 2000 22:46:42 -0800

Title:          Microsoft Windows NT & 2000 SNMP Registry Key Modification
                Vulnerability
BID:            2066
Published:      December 06, 2000
Vulnerable:     Microsoft Windows NT 4.0
                Microsoft Windows NT 4.0 Server
                Microsoft Windows NT 4.0 Server, Enterprise Edition
                Microsoft Windows NT 4.0 Server, Terminal Server Edition
                Microsoft Windows NT 2000 Professional
                Microsoft Windows NT 2000 Server
                Microsoft Windows NT 2000 Advanced Server

Discussion:


The SNMP service in Windows NT 4.0 and 2000 enables the remote management
of the computer. Loose permissions in the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters
allow malicious users with access to the registry to read the SNMP
community names stored in the ValidCommunities key value. This allows the
malicious users to manage the computer via SNMP.

The malicious users could also change the community names by modifying
the registry key, thus denying authorized users access to the machine
via SNMP.

Solution:

Microsoft has released a patch which rectifies this issue:


Microsoft Windows NT 4.0 Intel:
  Microsoft patch Q265714i
  http://download.microsoft.com/download/winntsp/Patch/Q266794/NT4/EN-US/Q265714i.EXE

Microsoft Windows NT 2000 Intel:
  Microsoft patch Q266794_W2K_SP2_x86_en
  http://download.microsoft.com/download/win2000platform/Patch/Q266794/NT5/EN-US/Q266794_W2K_SP2_x86_en.EXE

Credit:

Discovered by Chris Anley from @stake (http://www.atstake.com) and posted in
Microsoft Security Bulletins (MS00-095) and (MS00-096) on Dec 6, 2000.

Reference:

http://www.securityfocus.com/bid/2066
http://www.microsoft.com/technet/security/bulletin/ms00-095.asp
http://www.microsoft.com/technet/security/bulletin/ms00-096.asp
http://www.microsoft.com/technet/security/bulletin/fq00-095.asp
http://www.microsoft.com/technet/security/bulletin/fq00-096.asp

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
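
An added example, not part of the original advisory or of Microsoft's patch: a PowerShell audit that lists ACEs on the SNMP Parameters key (and every subkey beneath it) that let a non-trusted principal read or change values. The list of trusted SIDs and the function name Get-LooseRegistryAce are assumptions made for this example.

```powershell
# Added example: audit the ACL on the key named in the advisory and on its subkeys.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

# Assumed policy: only SYSTEM, Administrators and CREATOR OWNER may hold access.
$trustedSids = @('S-1-5-18', 'S-1-5-32-544', 'S-1-3-0')

# Access-mask bits that allow reading values (community names) or changing them.
# The generic bits appear in inherit-only ACEs, so they are included as well.
$Rights     = [System.Security.AccessControl.RegistryRights]
$genericAll = 0x10000000
$readMask   = [int]$Rights::QueryValues -bor 0x80000000 -bor $genericAll
$writeMask  = [int]$Rights::SetValue -bor [int]$Rights::CreateSubKey -bor
              [int]$Rights::Delete -bor [int]$Rights::ChangePermissions -bor
              [int]$Rights::TakeOwnership -bor 0x40000000 -bor $genericAll

function Get-LooseRegistryAce {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }

        $mask     = [int]$ace.RegistryRights
        $canRead  = ($mask -band $readMask)  -ne 0
        $canWrite = ($mask -band $writeMask) -ne 0
        if ($canRead -or $canWrite) {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $ace.IdentityReference.Value
                CanRead   = $canRead
                CanWrite  = $canWrite
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $base)) {
    Write-Output 'SNMP Parameters key not present on this host.'
    return
}

# The key itself plus every subkey beneath it.
$keys = @($base) + @(Get-ChildItem -LiteralPath $base -Recurse -ErrorAction SilentlyContinue |
                     ForEach-Object { $_.PSPath })
$keys | ForEach-Object { Get-LooseRegistryAce -Path $_ } | Format-Table -AutoSize
```

An empty result means no principal outside the assumed trusted list can read or modify the key; each row that does appear is an ACE to review against local policy.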

