[8596] in bugtraq
Re: NAI-30: Windows NT SNMP Vulnerabilities
daemon@ATHENA.MIT.EDU (Dave G.)
Wed Nov 18 15:36:34 1998
Date: Wed, 18 Nov 1998 11:51:11 -0800
Reply-To: "Dave G." <dhg@ES2.NET>
From: "Dave G." <dhg@ES2.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.4.02.9811181434590.7358-100000@escape.com>
>
> When the SNMP Service is installed, the default configuration that is
> provided leaves the system vulnerable to attack. In the default
> configuration the SNMP service answers to a single SNMP community
> ``public'', which is given read-write permissions. The community
> is a name that is used much like an account name or a password to
> restrict who can access the SNMP functions and in what capacity.
> SNMP provides two levels of access, read-only and read-write. The
> Windows NT SNMP Service prior to Service Pack 4 does not allow
> communities to be configured as read-only, so all SNMP communities
> have the ability to write.
>
There is another dangerous 'feature' with regards to SNMP community names
under Windows NT 4.0 (SP3). If SNMP is enabled, and there are no
community names configured (under Settings -> Control Panel -> Network
-> Services -> SNMP Service -> Security -> Accepted Community Names),
any community name will be valid, and will (obviously) have read/write
privileges. I was unable to find anything that documented this behavior,
and as you can imagine, I was quite surprised when I accidentally
discovered this.
Dave G.
---
Dave Goldsmith
<dhg@es2.net>
Cambridge Technology Partners
Enterprise Security Services
http://www.es2.net
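As an added example (not part of Dave G.'s post or the NAI advisory), the following Python script audits an exported SNMP community configuration for the three weaknesses this thread describes: no community configured at all (any name accepted), the well-known default `public`, and communities that are allowed to write. It assumes the community list is stored under the registry key `HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities` and is fed to the script as `.reg`-style export text; it also assumes that a post-SP4 export carries a REG_DWORD right per community (4 = READ ONLY, 8 = READ WRITE, higher values also write) while a pre-SP4 export carries only an empty string, since no right could be set and every community writes. The registry key, the right encodings and all sample exports are assumptions and constructed inputs, not taken from the page.

```python
import re

# Assumed location of the community list (not stated in the thread).
VALID_COMMUNITIES_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP"
    r"\Parameters\ValidCommunities"
)
# Assumed post-SP4 right levels; anything at or above READ_WRITE can write.
READ_ONLY, READ_WRITE = 4, 8

# Constructed .reg exports for the three situations discussed in the thread.
EXPORT_NO_COMMUNITIES = r"""Windows Registry Editor Version 4.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"""

EXPORT_DEFAULT_SP3 = r"""Windows Registry Editor Version 4.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=""
"""

EXPORT_HARDENED_SP4 = r"""Windows Registry Editor Version 4.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"ops-r0-x7"=dword:00000004
"""

_VALUE_RE = re.compile(r'"([^"]*)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')


def parse_communities(reg_text):
    """Return {community: right} from .reg text.

    right is an int for a REG_DWORD value and None for the pre-SP4
    empty-string form, where no right exists and every community writes.
    """
    communities = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only values directly under the ValidCommunities key count.
            in_key = line.strip("[]").lower() == VALID_COMMUNITIES_KEY.lower()
            continue
        if not in_key or not line.startswith('"'):
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue
        name, dword, _string = m.groups()
        communities[name] = int(dword, 16) if dword is not None else None
    return communities


def audit(communities):
    """Return a list of human-readable findings for the parsed community map."""
    findings = []
    if not communities:
        # The behaviour Dave G. reports: no names configured means any
        # community string is accepted, with read/write access.
        findings.append("no community configured: any name accepted with read/write")
        return findings
    for name, right in sorted(communities.items()):
        if right is None or right >= READ_WRITE:
            findings.append(f"community '{name}' has write access")
        if name.lower() == "public":
            findings.append("well-known default community 'public' is enabled")
    return findings


if __name__ == "__main__":
    for label, export in (("no communities", EXPORT_NO_COMMUNITIES),
                          ("SP3 default", EXPORT_DEFAULT_SP3),
                          ("hardened SP4", EXPORT_HARDENED_SP4)):
        print(label, "->", audit(parse_communities(export)) or ["ok"])
```

The empty-list case is deliberately checked before anything else, because a configuration with zero accepted community names is the worst of the three, not the safest, and a naive "no write communities found" check would report it as clean.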