[8607] in bugtraq
Re: NAI-30: Windows NT SNMP Vulnerabilities
daemon@ATHENA.MIT.EDU (David LeBlanc)
Fri Nov 20 13:18:18 1998
Date: Wed, 18 Nov 1998 21:07:56 -0500
Reply-To: David LeBlanc <dleblanc@MINDSPRING.COM>
From: David LeBlanc <dleblanc@MINDSPRING.COM>
X-To: "Dave G." <dhg@ES2.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SOL.4.05.9811181140080.13409-100000@gozer>
At 11:51 AM 11/18/98 -0800, Dave G. wrote:
>>
>There is another dangerous 'feature' with regards to SNMP community names
>under Windows NT 4.0 (SP3). If SNMP is enabled, and there are no
>community names configured ( under Settings -> Control Panel -> Network
>-> Services -> SNMP Service -> Security -> Accepted Community Names )
>any community name will be valid, and will (obviously) have read/write
>privileges. I was unable to find anything that documented this behavior,
>and as you can imagine, I was quite suprised when I accidentally
>discovered this.
This is actually as per RFC 1157, and is documented on page 532 of the
Server Networking Guide from the NT Resource kit. We check for that in the
ISS Scanner, too. IIRC, so does CyberCop. This behavior is true of just
about any implementation of SNMP which goes by the RFC. I agree with Mike
Warfield's assertion that SNMP stands for Security Not My Problem.
David LeBlanc
dleblanc@mindspring.com