[13914] in bugtraq
AIX SNMP Defaults (fwd)
daemon@ATHENA.MIT.EDU (Dave G.)
Fri Feb 18 02:00:02 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10002171126180.23433-100000@www.ksrt.org>
Date: Thu, 17 Feb 2000 11:33:54 -0500
Reply-To: dhg@KSRT.ORG
From: "Dave G." <dhg@KSRT.ORG>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
> It appears that on the above releases of AIX, the SNMP daemon is enabled
> by default and two community names are enabled with read/write
> privileges.
> The community names are "private" and "system", but are only allowed
> from localhost connections. Nevertheless, a local user may install an
> SNMP client, and modify sensitive variables.
>
Since SNMP is UDP based, it is possible that you can spoof snmp set
requests provided that:
1) There are no firewalls in between.
2) snmpd doesnt have any code to detect which interface an SNMP packet
came in on (not likely).
From your output, it looks like the system community might be limited to a
certain set of variables that it can read/write. (depending on what view
name means)
Dave G.
<daveg@ksrt.org>
http://www.ksrt.org/~daveg
http://www.ksrt.org
