[8425] in bugtraq
Re: ISS Security Advisory: Hidden community string in SNMP
daemon@ATHENA.MIT.EDU (Jean Chouanard)
Thu Nov 5 14:22:27 1998
Date: Wed, 4 Nov 1998 15:37:34 PST
Reply-To: Jean Chouanard <chouanard@PARC.XEROX.COM>
From: Jean Chouanard <chouanard@PARC.XEROX.COM>
X-To: X-Force <xforce@ISS.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.981102174610.10917D-100000@arden.iss.net>
Does anyone know why the README of patch 106787-02 does not refer at all to
this bug?
It corrects incorrect 666 mode and unnecessary msg to console...
Does 106787-02 really correct this problem???
At 02:47 PM 11/2/98 -0800, someone using X-Force's login wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>ISS Security Advisory
>November 2nd, 1998
>
>Hidden community string in SNMP implementation
>
>Synopsis:
>
>Internet Security System (ISS) X-Force has discovered a serious vulnerability
>in Sun Microsystems Solstice Enterprise Agent and the Solaris operating
>system.
>This vulnerability allows attackers to execute arbitrary commands with root
>privileges, manipulate system parameters and kill processes.
>
>Affected Systems:
>
>ISS X-Force has discovered that this vulnerability is present on the Solaris
>Operating System version 2.6. Earlier versions are vulnerable. Solaris 2.7
>beta is also not vulnerable.
>
>Fix Information:
>
>Sun has made the following patch available:
>
>106787-02: Solaris 5.6
>
>Many administrators have no need for host based SNMP agents. Administrators
>can disable the SNMP daemons temporarily by executing the following commands:
>
># /etc/init.d/init.snmpdx stop
># mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
>
>Description:
>
>The vulnerabilities are present in the SNMP daemons shipping with Solaris 2.6.
>Solaris 2.6 is configured by default to support SNMP. A hidden and
>undocumented community string is present in the SNMP subagent which may allow
>remote attackers to change most system parameters. Remote attackers may kill any
>process, update routes, potentially sidestep firewalls or disable network
>interfaces. Most notably, attackers may indirectly execute arbitrary commands
>with superuser privileges.
>
>This vulnerability is compounded by the fact that these SNMP daemons are
>configured and executed by default. Attackers do not need local access to the
>target host to exploit this vulnerability.
>
>Additional Information:
>
>ISS Internet Scanner and ISS RealSecure real-time intrusion detection software
>have the capability to detect these vulnerabilities.
>
>- ----------
>
>Copyright (c) 1998 by Internet Security Systems, Inc.
>
>Permission is hereby granted for the redistribution of this alert
>electronically. It is not to be edited in any way without express consent
>of X-Force. If you wish to reprint the whole or any part of this alert in
>any other medium excluding electronic medium, please e-mail xforce@iss.net
>for permission.
>
>Disclaimer
>The information within this paper may change without notice. Use of this
>information constitutes acceptance for use in an AS IS condition. There are
>NO warranties with regard to this information. In no event shall the author
>be liable for any damages whatsoever arising out of or in connection with
>the use or spread of this information. Any use of this information is at
>the user's own risk.
>
>X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
>well as on MIT's PGP key server and PGP.com's key server.
>
>X-Force Vulnerability and Threat Database: http://www.iss.net/xforce
>
>Please send suggestions, updates, and comments to:
>X-Force <xforce@iss.net> of Internet Security Systems, Inc.
>
>
- jean -
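
Added example (not part of the original post or the advisory): a shell check that reports the two remediations the advisory names separately, the presence of patch 106787 at revision 02 or later and whether the `/etc/rc3.d/S76snmpdx` start script is still in place. The function names, the assumed `showrev -p` line layout and the sample patch listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory or from Sun.
# Assumption: `showrev -p` prints one "Patch: <id>-<rev> ..." line per patch.

# Constructed sample listing (package name is a placeholder, not real data).
SAMPLE_SHOWREV='Patch: 105181-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 106787-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'

# patch_installed ID MINREV
# Reads `showrev -p` output on stdin; succeeds if ID is present at rev >= MINREV.
patch_installed() {
    awk -v id="$1" -v min="$2" '
        $1 == "Patch:" {
            n = split($2, p, "-")
            if (n == 2 && p[1] == id && p[2] + 0 >= min + 0) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# snmpdx_boot_enabled [RC_DIR]
# Succeeds if the start script the advisory renames is still present,
# meaning the agent will be started again at the next boot.
snmpdx_boot_enabled() {
    [ -e "${1:-/etc/rc3.d}/S76snmpdx" ]
}

# audit_snmpdx [RC_DIR]
# Reads `showrev -p` output on stdin and prints both findings on one line.
# Returns 1 only when neither remediation is in place.
audit_snmpdx() {
    patch=no; startup=disabled
    if patch_installed 106787 2; then patch=yes; fi
    if snmpdx_boot_enabled "${1:-/etc/rc3.d}"; then startup=enabled; fi
    echo "patch=$patch startup=$startup"
    [ "$patch" = yes ] || [ "$startup" = disabled ]
}

# On a Solaris 2.6 host:  showrev -p | audit_snmpdx
```

The check only reads the rc directory, so a daemon that is still running after the rename is not detected; the advisory's `init.snmpdx stop` step covers that.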