[13966] in bugtraq
Re: AIX SNMP Defaults
daemon@ATHENA.MIT.EDU (Troy Bollinger)
Tue Feb 22 21:20:48 2000
Mail-Followup-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>,
                  BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000221161442.A29738@austin.ibm.com>
Date:         Mon, 21 Feb 2000 16:14:42 -0600
Reply-To: Troy Bollinger <troy@AUSTIN.IBM.COM>
From: Troy Bollinger <troy@AUSTIN.IBM.COM>
X-To:         Michal Zalewski <lcamtuf@DIONE.IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0002171122280.28680-100000@dione.ids.pl>; from
              lcamtuf@DIONE.IDS.PL on Thu, Feb 17, 2000 at 11:28:54AM +0100
Quoting Michal Zalewski (lcamtuf@DIONE.IDS.PL):
> On Tue, 15 Feb 2000, harikiri wrote:
>
> > It appears that on the above releases of AIX, the SNMP daemon is
> > enabled by default and two community names are enabled with read/write
> > privileges. The community names are "private" and "system", but are
> > only allowed from localhost connections. Nevertheless, a local user
> > may install an SNMP client, and modify sensitive variables.
>
> SNMP requests with no authentication except for source-IP comparison are
> spoofable.
>
All recent versions of AIX discard packets with a source address of
loopback when the packet comes in on an external interface.  The
following APARs have been available for over 2 years:
   Abstract:   SECURITY: discard loopback packets on external interfaces
   4.1.x APAR: IX71366
   4.2.x APAR: IX71405
   4.3.x APAR: included in 4.3.0 initial release
--
Troy Bollinger                            troy@austin.ibm.com
AIX Security Development        security-alert@austin.ibm.com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
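
The ingress check described in the reply above, sketched as an added example (not AIX code and not part of the original post): a packet whose source is in 127.0.0.0/8 is discarded unless it arrived on the loopback interface. The interface names `lo0` and `en0`, the helper names, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_IFACES = {"lo0"}  # assumption: name of the loopback interface


def parse_ipv4_source(packet: bytes) -> ipaddress.IPv4Address:
    """Return the source address of a raw IPv4 packet, validating the header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])


def should_discard(packet: bytes, ingress_iface: str) -> bool:
    """True when the packet claims a loopback source but arrived externally."""
    try:
        src = parse_ipv4_source(packet)
    except ValueError:
        return True  # malformed headers are dropped as well
    return src in LOOPBACK_NET and ingress_iface not in LOOPBACK_IFACES


def build_udp_packet(src: str, dst: str, dport: int = 161) -> bytes:
    """Constructed sample: minimal IPv4 + UDP headers (checksums left zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + udp


if __name__ == "__main__":
    # Constructed cases: (source, destination, interface the packet arrived on)
    cases = [
        ("127.0.0.1", "192.0.2.10", "en0"),    # loopback source from outside
        ("127.0.0.1", "127.0.0.1", "lo0"),     # genuine local SNMP request
        ("198.51.100.7", "192.0.2.10", "en0"), # ordinary remote request
    ]
    for src, dst, iface in cases:
        verdict = "discard" if should_discard(build_udp_packet(src, dst), iface) else "accept"
        print(f"{src:>13} -> {dst:<11} on {iface}: {verdict}")
```

With this filter in place, a localhost-only community restriction can only be satisfied by traffic that really originated on the host, which leaves the local-user case from the original report as the remaining exposure.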