[13916] in bugtraq

Re: AIX SNMP Defaults

daemon@ATHENA.MIT.EDU (Troy Bollinger)
Fri Feb 18 02:11:35 2000

Mail-Followup-To: harikiri <harikiri@ATTRITION.ORG>, BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000217085705.A21918@austin.ibm.com>
Date:         Thu, 17 Feb 2000 08:57:06 -0600
Reply-To: Troy Bollinger <troy@AUSTIN.IBM.COM>
From: Troy Bollinger <troy@AUSTIN.IBM.COM>
X-To:         harikiri <harikiri@ATTRITION.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSO.4.10.10002151819130.9777-100000@shaolin.fcbl.net>; from
              harikiri@ATTRITION.ORG on Tue, Feb 15, 2000 at 06:58:06PM -0600

Quoting harikiri (harikiri@ATTRITION.ORG):
>
> It appears that on the above releases of AIX, the SNMP daemon is enabled
> by default and two community names are enabled with read/write privileges.
> The community names are "private" and "system", but are only allowed from
> localhost connections. Nevertheless, a local user may install an SNMP
> client, and modify sensitive variables.
>

This is fixed in AIX 4.3 with APAR IY04865 and was announced on the
Security_APARs mailing list from aixserv@austin.ibm.com in January.

Customers wishing to subscribe to this list should send email to
aixserv@austin.ibm.com with a subject of "Subscribe Security_APARs".


--
Troy Bollinger                            troy@austin.ibm.com
AIX Security Development        security-alert@austin.ibm.com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
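
Added example, not part of the original message or of IBM's fix: a shell check that lists communities granted write access in an snmpd configuration, which is the condition the quoted report describes for "private" and "system". The line layout `community <name> <address> <netmask> <permissions> [<view>]`, the permission keywords and the sample file contents are assumptions, since the message does not show the configuration file.

```shell
#!/bin/sh
# Added example: flag SNMP communities that allow writes.
# Assumed line layout (not shown in the message above):
#   community <name> [<address> <netmask> [<permissions> [<view>]]]

# Constructed sample resembling the defaults described in the report.
sample_conf() {
cat <<'EOF'
# constructed sample, not copied from a real host
logging   file=/usr/tmp/snmpd.log enabled
community public
community private 127.0.0.1 255.255.255.255 readWrite
community system  127.0.0.1 255.255.255.255 readWrite 1.17.2
community monitor 192.0.2.10 255.255.255.255 readOnly
EOF
}

# Print "name address netmask permission" for every community line whose
# permission field allows writes. Reads the configuration on stdin.
writable_communities() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "community" && NF >= 5 {
            perm = tolower($5)                   # keyword case is not relied on
            if (perm == "readwrite" || perm == "writeonly")
                print $2, $3, $4, $5
        }
    '
}

# Return 1 (and list the entries) if any writable community exists,
# so the function can gate a configuration check. Reads stdin.
audit_snmpd_conf() {
    found=$(writable_communities)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

sample_conf | audit_snmpd_conf || echo "writable communities present"
```

On a host, the function would be fed the daemon's own configuration, for example `audit_snmpd_conf < /etc/snmpd.conf` (path assumed). A localhost-only address does not clear an entry, because the report's concern is a local user.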
