[15292] in bugtraq
Re: HP-UX SNMP daemon vulnerability
daemon@ATHENA.MIT.EDU (HP S/W Security Team)
Sat Jun 10 04:15:46 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <200006090640.XAA00779@hpchs.cup.hp.com>
Date: Thu, 8 Jun 2000 23:40:02 -0700
Reply-To: security-alert@hp.com
From: HP S/W Security Team <secure@HPCHS.CUP.HP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
To whom it may concern:
The /etc/SnmpAgent.d/snmpd.conf file permission problem can be
solved by installing PHSS_21046.
Older versions of Emanate Master Agents (pre PHSS_17945) were
temporarily moving snmpd.conf to /tmp and re-creating
/etc/SnmpAgent.d/snmpd.conf using the current umask set for root.
The code has been changed to preserve the file access rights.
The Master Agent log file(s) are still created using the current
umask if the files are not present, else the previous permissions
are preserved.
The following steps should be performed:
1) install PHSS_21046
2) chmod 600 /etc/SnmpAgent.d
3) chmod 600 /var/adm/snmpd.log
Thank you.
HP S/W Security Team
Cupertino, CA
--
