[27291] in bugtraq
Re: iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS
daemon@ATHENA.MIT.EDU (Wes Hardaker)
Thu Oct 3 23:01:51 2002
To: dendler@idefense.com
From: Wes Hardaker <wjhns55@hardakers.net>
Date: Wed, 02 Oct 2002 18:43:15 -0700
In-Reply-To: <3D9B1B75.27080.302D6E27@localhost> ("David Endler"'s message
of "Wed, 2 Oct 2002 16:14:45 -0400")
Message-ID: <sdptusxpos.fsf@wanderer.hardakers.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
>>>>> On Wed, 2 Oct 2002 16:14:45 -0400, "David Endler" <dendler@idefense.com> said:
David> This issue potentially affects any Net-SNMP installation in
David> which the "public" read-only community string has not been
David> changed.
net-snmp does not release packages with a pre-configured public
community string. Various vendors (RedHat, etc) however, do. You'd
have to have intentionally granted public access for it to affect you
if you're using net-snmp.
--
"The trouble with having an open mind, of course, is that people will
insist on coming along and trying to put things in it." -- Terry Pratchett
