Bugtraq mailing list archives
Re: NAI-30: Windows NT SNMP Vulnerabilities
From: dhg () ES2 NET (Dave G.)
Date: Wed, 18 Nov 1998 11:51:11 -0800
When the SNMP Service is installed, the default configuration that is provided leaves the system vulnerable to attack. In the default configuration the SNMP service answers to a single SNMP community ``public'', which is given read-write permissions. The community is a name that is used much like an account name or a password to restrict who can access the SNMP functions and in what capacity. SNMP provides two levels of access, read-only and read-write. The Windows NT SNMP Service prior to Service Pack 4 does not allow communities to be configured as read-only, so all SNMP communities have the ability to write.
There is another dangerous 'feature' with regard to SNMP community names under Windows NT 4.0 (SP3). If SNMP is enabled, and there are no community names configured (under Settings -> Control Panel -> Network -> Services -> SNMP Service -> Security -> Accepted Community Names) any community name will be valid, and will (obviously) have read/write privileges. I was unable to find anything that documented this behavior, and as you can imagine, I was quite surprised when I accidentally discovered this.

Dave G.
---
Dave Goldsmith <dhg () es2 net>
Cambridge Technology Partners
Enterprise Security Services
http://www.es2.net
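An added example, not part of the original post: a read-only audit check for the empty "Accepted Community Names" behavior described above, for hosts you administer. It sends one SNMPv1 GetRequest for sysDescr.0 under a random community name that cannot have been configured, so any GetResponse means the agent accepts arbitrary communities; all function names are hypothetical.

```python
import secrets
import socket

SYS_DESCR_0 = bytes.fromhex("06082b06010201010100")  # BER OID 1.3.6.1.2.1.1.1.0

def tlv(tag, value):
    """BER type-length-value, short-form length (enough for this request)."""
    if len(value) > 127:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def build_get(community, request_id):
    """SNMPv1 GetRequest for sysDescr.0 under the given community name."""
    varbinds = tlv(0x30, tlv(0x30, SYS_DESCR_0 + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, request_id.to_bytes(4, "big"))
              + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); handles long-form lengths in replies."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def is_response_to(reply, request_id):
    """True if reply is an SNMP GetResponse (tag 0xA2) echoing our request id."""
    try:
        tag, msg, _ = read_tlv(reply, 0)
        _, _, pos = read_tlv(msg, 0)        # version
        _, _, pos = read_tlv(msg, pos)      # community
        pdu_tag, pdu, _ = read_tlv(msg, pos)
        _, rid, _ = read_tlv(pdu, 0)
    except IndexError:
        return False
    return tag == 0x30 and pdu_tag == 0xA2 and int.from_bytes(rid, "big") == request_id

def accepts_any_community(host, timeout=3.0):
    """Probe one host you administer. False also covers 'no agent reachable'."""
    community = "audit-" + secrets.token_hex(8)      # constructed, never configured
    rid = 0x10000000 + secrets.randbelow(0x60000000)  # 4-byte positive INTEGER
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_get(community, rid), (host, 161))
            reply, _ = s.recvfrom(4096)
        except OSError:       # timeout: agents silently drop unknown communities
            return False
    return is_response_to(reply, rid)
```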