[1740] in linux-security and linux-alert archive


[linux-security] Apparent SNMP remote-root vulnerability.

daemon@ATHENA.MIT.EDU (Dan Reish)
Sun May 10 12:34:44 1998

Date: Sat, 09 May 1998 14:05:06 -0400 (EDT)
From: Dan Reish <dreish@izzy.net>
To: BUGTRAQ@NETSPACE.ORG, linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

I just had a remote root break-in on my machine (x86 running Red Hat Linux
5.0 with all the updates except for kernel-2.0.32-3) this morning at
06:03:28 EDT.  From what I've been able to gather, it appears to have been
through snmpd, which I missed when I was weeding out unused daemons.

Sorry for the feeble message, but all I know (or at least strongly
suspect) is that there's a vulnerability in Red Hat 5.0's cmu-snmp-3.4-3
when configured as shipped. I have a combination birthday/Mother's Day
party to get to, so I can't do much more investigating.

(In case anyone else has any similar experiences, connections were from
southshore.com and shell.dhp.com.  Someone from dionysus.publib.nf.ca did
a port scan of my machine on April 27 at 5 a.m. EDT.)

If this turns out to be a simple misconfiguration, then I'm an idiot for
posting this, but it should still not be possible to open up a system to
remote root access simply by installing a standard RPM.

--
Dan

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
