SNMP 'GETBULK' Reflection DDoS

medium Nessus Plugin ID 76474

Synopsis

The remote SNMP daemon is affected by a vulnerability that allows a reflected distributed denial of service attack.

Description

The remote SNMP daemon responds with a large amount of data to a 'GETBULK' request that carries a larger than normal value for 'max-repetitions'. Because SNMP is carried over UDP, a remote attacker can forge the source address of such requests so that the much larger responses are delivered to a chosen victim, using this SNMP server as a reflector and amplifier in a distributed denial of service attack against an arbitrary remote host.
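The request the description refers to, as an added worked example that is not part of the plugin or its NASL source: a hand-rolled BER encoder builds an SNMPv2c GetBulkRequest with an oversized max-repetitions value, a matching decoder recognises such a request in a raw UDP/161 payload (the pattern a sensor watching for reflection abuse would flag), and probe() sends one request and reports the byte amplification factor. The community string 'public', the mib-2 OID 1.3.6.1.2.1, the request-id and the value 2000 are assumed sample inputs, not values taken from the plugin.

```python
import socket

GETBULK_TAG = 0xA5   # [5] IMPLICIT: SNMPv2c GetBulkRequest-PDU (GetRequest is 0xA0)
SNMP_V2C = 1         # version field for SNMPv2c; GETBULK does not exist in SNMPv1


# --- minimal BER encoder --------------------------------------------------
def _length(n: int) -> bytes:
    """Definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body

def _int(v: int) -> bytes:
    """ASN.1 INTEGER, minimal two's-complement bytes (non-negative values only)."""
    if v < 0:
        raise ValueError("non-negative only")
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def _oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunks = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunks.insert(0, arc & 0x7F)
            arc >>= 7
        out += bytes([c | 0x80 for c in chunks[:-1]] + [chunks[-1]])
    return _tlv(0x06, bytes(out))

def build_getbulk(community: str, oid: str, max_repetitions: int,
                  request_id: int = 0x1234, non_repeaters: int = 0) -> bytes:
    """SNMPv2c message: SEQUENCE { version, community, GetBulkRequest-PDU }.
    The PDU carries request-id, non-repeaters, max-repetitions and one
    { OID, NULL } varbind; max-repetitions is what drives the response size."""
    varbind = _tlv(0x30, _oid(oid) + b"\x05\x00")
    pdu = (_int(request_id) + _int(non_repeaters) + _int(max_repetitions)
           + _tlv(0x30, varbind))
    return _tlv(0x30, _int(SNMP_V2C) + _tlv(0x04, community.encode())
                + _tlv(GETBULK_TAG, pdu))


# --- minimal BER decoder (detection side) ---------------------------------
def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the TLV) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def getbulk_max_repetitions(datagram: bytes):
    """Return max-repetitions if datagram is an SNMPv2c GetBulkRequest, else None.
    A sensor on UDP/161 can alert on large values arriving from outside the
    management network, which is the request pattern behind this finding."""
    try:
        tag, msg, _ = _read_tlv(datagram, 0)
        if tag != 0x30:
            return None
        tag, version, pos = _read_tlv(msg, 0)
        if tag != 0x02 or int.from_bytes(version, "big", signed=True) != SNMP_V2C:
            return None
        _tag, _community, pos = _read_tlv(msg, pos)
        tag, pdu, _ = _read_tlv(msg, pos)
        if tag != GETBULK_TAG:
            return None
        _tag, _req_id, pos = _read_tlv(pdu, 0)
        _tag, _non_rep, pos = _read_tlv(pdu, pos)
        _tag, max_rep, _ = _read_tlv(pdu, pos)
        return int.from_bytes(max_rep, "big", signed=True)
    except (IndexError, ValueError):
        return None


def probe(host: str, community: str = "public", max_repetitions: int = 2000,
          port: int = 161, timeout: float = 3.0):
    """Send one GETBULK for the mib-2 subtree and return
    (request_bytes, response_bytes, amplification factor), or None on timeout.
    This is a live network call: only use it against hosts you are authorised to test."""
    req = build_getbulk(community, "1.3.6.1.2.1", max_repetitions)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, port))
        try:
            resp, _ = s.recvfrom(65535)
        except socket.timeout:
            return None
    return len(req), len(resp), len(resp) / len(req)


if __name__ == "__main__":
    sample = build_getbulk("public", "1.3.6.1.2.1", 2000)   # constructed sample request
    print(len(sample), "bytes; max-repetitions =", getbulk_max_repetitions(sample))
```

The constructed request is 39 bytes on the wire; probe() divides the response length by that to give the amplification factor an attacker would get from this reflector. Nothing in the exchange authenticates the source address, so any host that answers a default community string with a large GETBULK response is usable as a reflector.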

Solution

Disable the SNMP service on the remote host if you do not use it.
Otherwise, restrict access to the service (UDP port 161) to the management hosts that need it, monitor its use, and consider changing the default 'public' community string.

See Also

http://www.nessus.org/u?8b551b5c

Plugin Details

Severity: Medium

ID: 76474

File Name: snmp_getbulk_reflection_ddos.nasl

Version: 1.9

Type: remote

Family: SNMP

Published: 7/11/2014

Updated: 11/8/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2008-4309

Vulnerability Information

Required KB Items: SNMP/community

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-4309