F-Secure Security Bulletin FSC-2002-1
Unchecked Buffer in Microsoft SNMP Service Causes Security Risk

Date issued: 2002-02-15
Revision history: FSC-2002-1.2 - 2002-02-25
Risk factor: Medium (Low/Medium/High/Critical)
Brief description: An unchecked buffer in the Microsoft SNMP service could enable arbitrary code to be run. To use the F-Secure SNMP extension, the Microsoft SNMP service must be installed.
Affected software: F-Secure Management Extensions (SNMP)
Affected versions: All versions
Affected platforms: All supported Windows platforms
Bulletin location: http://www.F-Secure.com/support/security/fsc-2002-1.shtml

Issue:

According to Microsoft Security Bulletin MS02-006, "by sending a specially malformed management request to a system running an affected version of the SNMP service, an attacker could cause a denial of service. In addition, it is possible that he cause code to run on the system in LocalSystem context. This could potentially give the attacker the ability to take any desired action on the system."

To use the F-Secure SNMP extension, the Microsoft SNMP service must be separately installed by the customer. Thus any customer using the F-Secure SNMP extension is affected by the vulnerability in the Microsoft SNMP service.

Microsoft has released a patch to eliminate the vulnerability. F-Secure recommends that customers using the Microsoft SNMP service follow Microsoft's instructions and temporarily disable the SNMP service until the patch has been installed.

For more details, please refer directly to the Microsoft security bulletin:
http://www.microsoft.com/technet/security/bulletin/MS02-006.asp
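
The temporary mitigation recommended above can be scripted. The following PowerShell is an added example, not code from F-Secure or Microsoft; it assumes the Microsoft SNMP service is registered under its standard service name SNMP, and the state-file path is a hypothetical choice.

```powershell
# Added example: stop and disable the Microsoft SNMP service until the patch
# is installed, remembering the previous start mode so it can be restored.
# Assumptions: service name "SNMP"; the state-file path is hypothetical.
param(
    [ValidateSet('Disable', 'Restore')]
    [string]$Action = 'Disable',
    [string]$StateFile = "$env:ProgramData\snmp-startmode.txt"
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='SNMP'"
if (-not $svc) {
    # The service is an optional Windows component; many hosts will not have it.
    Write-Output "SNMP service is not installed on $env:COMPUTERNAME; nothing to do."
    return
}

if ($Action -eq 'Disable') {
    # Save the start mode only once, so a second run does not record 'Disabled'.
    if (-not (Test-Path $StateFile)) {
        Set-Content -Path $StateFile -Value $svc.StartMode
    }
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name SNMP -Force
    }
    Set-Service -Name SNMP -StartupType Disabled
    Write-Output "SNMP stopped and disabled (previous start mode: $(Get-Content $StateFile))."
}
else {
    # Run this branch only after the patch has been installed.
    if (-not (Test-Path $StateFile)) {
        throw "No saved start mode at $StateFile; set the startup type manually."
    }
    $mode = (Get-Content $StateFile).Trim()
    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $startup = if ($mode -eq 'Auto') { 'Automatic' } else { $mode }
    Set-Service -Name SNMP -StartupType $startup
    if ($startup -eq 'Automatic') { Start-Service -Name SNMP }
    Remove-Item $StateFile
    Write-Output "SNMP startup type restored to $startup."
}
```

Run it from an elevated prompt with no arguments to disable the service, and with `-Action Restore` once the patch is in place.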

Mitigating Factors:

  • The SNMP service is never automatically installed by F-Secure products. The customer must separately install the Microsoft SNMP service.
  • F-Secure provides the SNMP extension as an interface to third-party network management solutions. F-Secure Policy Manager does not use SNMP, and does not depend on SNMP being available.

Patch Availability:

Please refer to Microsoft Security Bulletin MS02-006 for information on patch availability.

Revision History:

FSC-2002-1.1 - 2002-02-15
FSC-2002-1.2 - 2002-02-25

Contact Information:

Support email: support@F-Secure.com
Security email: security@F-Secure.com
URL: http://www.F-Secure.com/support/

 

