[8437] in bugtraq


Re: ISS Security Advisory: Hidden community string in SNMP

daemon@ATHENA.MIT.EDU (Roland Grefer)
Fri Nov 6 13:23:10 1998

Date: 	Thu, 5 Nov 1998 16:25:20 -0500
Reply-To: Roland Grefer <btirg@ui.uis.doleta.gov>
From: Roland Grefer <btirg@UI.UIS.DOLETA.GOV>
X-To:         Jean Chouanard <chouanard@PARC.XEROX.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <4.1.19981104153331.00abbcc0@mailback.parc.xerox.com>

> At 02:47 PM 11/2/98 -0800, someone using X-Force's login wrote:
> >
> >ISS Security Advisory
> >November 2nd, 1998
> >
> >Hidden community string in SNMP implementation

The community string in the SNMP implementation actually is NOT hidden,
but rather accessible in plain text form in

        /etc/snmp/conf/snmp.conf

(by default there, or another location when modified; snmpdx usually
should be started with the "-c /pathname/snmp.conf" option to control
which configuration file is being used).

The relevant entries are the strings assigned to

        system-group-read-community     public
        system-group-write-community    private
        read-community                  public
        write-community                 private

It is recommended that these "passwords" be changed from their default
values (above: public/private) to avoid security compromises.

> >ISS X-Force has discovered that this vulnerability is present on the Solaris
> >Operating System version 2.6.  Earlier versions are vulnerable.  Solaris 2.7
> >beta is also not vulnerable.

Could anybody please clarify which versions are deemed vulnerable and
which ones are "also not"?

> >Sun has made the following patch available:
> >
> >106787-02:              Solaris 5.6

Sun does NOT claim this patch to fix any of the issues stated in the ISS
advisory.

In fact, the above patch fixes different vulnerabilities in snmpdx, which
could be exploited by a DoSA or malicious user

        pre-patch it deletes an agent from the agent table when queried
        with an incorrect "read string"

        a couple of (configuration) files are installed world writable


> >ISS Internet Scanner and ISS RealSecure real-time intrusion detection software
> >have the capability to detect these vulnerabilities.

Could it be that this advertising was a/the hidden agenda?

Regards,
Roland

--
- - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - -
Roland Grefer          | Department of Labor      | Ph: +1-202-219-8432x365
Senior Systems Analyst | Nat'l Office ETA/UIS/DIT | Fx: +1-202-219-8506
-=|=- -=|=- -=|=- -=|=-| 200 Constitution Ave, NW | -=|=- -=|=- -=|=- -=|=-
Base Technologies, Inc | Washington, DC 20210     | btirg@uis.doleta.gov
- - - - - - - - - - - - - - Speaking for myself - + - - - - - - - - - - - -
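
An added example, not part of the original post or of any Sun tooling: a shell audit that flags the four community keys quoted above when they still hold public/private, and reports a world-writable configuration file. It assumes a POSIX awk and the whitespace-separated "key value" layout shown in the message; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an snmpdx-style snmp.conf for default community
# strings and world-writable permissions (keys and defaults as quoted in the post).

# Print one finding per line; no output means nothing was flagged.
audit_snmp_conf() {
    conf_file=$1
    [ -r "$conf_file" ] || { echo "ERROR cannot read $conf_file"; return 0; }

    # Flag any of the four community keys still set to public or private.
    awk '
        $1 ~ /^#/ { next }    # skip comment lines
        $1 ~ /^(system-group-)?(read|write)-community$/ {
            if ($2 == "public" || $2 == "private")
                printf "DEFAULT %s=%s (line %d)\n", $1, $2, NR
        }
    ' "$conf_file"

    # Character 9 of the ls mode string is the "other write" bit.
    mode=$(ls -ld "$conf_file" | cut -c1-10)
    case $mode in
        ????????w?) echo "WORLD-WRITABLE $conf_file ($mode)" ;;
    esac
}

# Constructed sample input: three defaults left in place, one value changed.
make_sample_conf() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
system-group-read-community     public
system-group-write-community    private
read-community                  k3-constructed-ro
write-community                 private
EOF
    chmod 666 "$sample"       # simulate the world-writable install
    echo "$sample"
}

sample_path=$(make_sample_conf)
audit_snmp_conf "$sample_path"
rm -f "$sample_path"
```

To check a real host, call `audit_snmp_conf` with the path passed to snmpdx via `-c`, or `/etc/snmp/conf/snmp.conf` when the default is in use.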
