[8577] in bugtraq
Re: ISS Security Advisory: Hidden community string in SNMP
daemon@ATHENA.MIT.EDU (Matt M. Morris)
Mon Nov 16 23:57:44 1998
Date: Mon, 16 Nov 1998 15:25:28 -0500
Reply-To: "Matt M. Morris" <mmorris@OPS.COM>
From: "Matt M. Morris" <mmorris@OPS.COM>
X-To: sugarat <sugarat@THUNDERHOLD.SUGARAT.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199811160608.BAA00940@thunderhold.sugarat.net>
I am seeing the same results on a 2.6 and a 2.5.1 system with B.5.01 NNM
installed.
matt
>I have tried these on a Solaris 2.6 system whose snmpd binary has been
>replaced with the binary from HP Openview Network Node Manager B.05.01.
>The Solaris install was patched to current in August, and the HP-NNM has
>consolidated patch PSOV_02091 installed, and patches PSOV_02131 &
PSOV_02134.
>I don't recal from the release notes what these patches patched specifically,
>but as they were installed on Sep 28, 1998, I assume them to be previous to
>this thread.
>
>Using snmpd as the community string did return the results of snmpwalk from
>the localhost, using HP's snmpwalk binary. Using the snmpd community from a
>remote host did not return any output. When using snmpget from a remote
host,
>errors were returned stating that the mib variables being gotten did not
exist.
>variables like system.sysObjectId.0 and system.sysUptime.0.
>
>Using the snmpd.conf configured communities retrieved all the data without a
>problem. This was tested on the only two Solaris machines that I have access
>to, both with HP's snmpd binary, both have the same level of vulnerability.
>(ie, using the snmpd comm, data was only retrievable from the localhost)
>
>More informations as it becomes available.
>
>Thanks,
>
>Tim
>
Matt M. Morris
Consultant
Onion Peel Solutions Ph: (919) 821-8004 x242
3101 Industial Drive, Suite 200 Fx: (919) 821-3364
Raleigh, NC 27609 http://www.ops.com
