SNMP fix in W2k SP3

From: Tod Beardsley (todb@PLANB-SECURITY.NET)
Date: 10/30/02 

Date:         Wed, 30 Oct 2002 08:39:56 -0600
From: Tod Beardsley <todb@PLANB-SECURITY.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Since it hasn't shown up on NTBugTraq yet...

http://www.nextgenss.com/advisories/snmp_dos.txt

"If the SNMP service is running on a Windows 2000 server, and the 'Print
Spooler' service is not running, repeatedly using SNMP queries to
obtain print queue related values in the LANMAN MIB will cause the SNMP
service to consume very large amounts of memory." [Chris Anley, NGSS]

Microsoft's Q:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q296815

Quick fix: Replace lmmib2.dll with SP3's version until you can schedule
a reboot to apply the entire SP3. Note this will cause complaints in
Windows File Protection. 

--
Tod Beardsley (GCIA, MCSE)
"It's okay to yell fire in a crowded theater
if the theater is actually on fire."

Relevant Pages

  • SNMP uses high CPU time
    ... We have a Windows 2000 Server running SP4. ... I installed SNMP and SNMP4W2K, ...
    (microsoft.public.win2000.general)
  • [NT] Unchecked Buffer in SNMP Service Could Enable Arbitrary Code Execution
    ... Simple Network Management Protocol is an Internet standard protocol ... All versions of Windows, except for Windows ME, provide an SNMP ... A patch is under development to eliminate the vulnerability. ...
    (Securiteam)
  • Re: SNMP Problem...
    ... > und Windows an sich nichts in der Richtung mitbringt... ... bei Server 2003 nicht allzuviel geändert haben dürfte. ... SNMP hat fürs System-Management nur geringe praktische Bedeutung, ...
    (microsoft.public.de.german.windows.server.networking)
  • Windows NT4.0 SNMP subagent
    ... I have a problem when deploying a SNMP subagent on Windows ... I used Windows SNMP Extension API to ... dll are missing from path". ...
    (microsoft.public.win32.programmer.networks)
  • [NT] Microsoft Windows 2000 SNMP Memory Utilization DoS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... If the SNMP service is running on a Windows 2000 server, ... repeatedly using SNMP queries to obtain ...
    (Securiteam)