Bugtraq mailing list archives
Re: AIX SNMP Defaults
From: troy () AUSTIN IBM COM (Troy Bollinger)
Date: Thu, 17 Feb 2000 08:57:06 -0600
Quoting harikiri (harikiri () ATTRITION ORG):
It appears that on the above releases of AIX, the SNMP daemon is enabled by default and two community names are enabled with read/write privileges. The community names are "private" and "system", but are only allowed from localhost connections. Nevertheless, a local user may install an SNMP client, and modify sensitive variables.
This is fixed in AIX 4.3 with APAR IY04865 and was announced on the Security_APARs mailing list from aixserv () austin ibm com in January. Customers wishing to subscribe to this list should send email to aixserv () austin ibm com with a subject of "Subscribe Security_APARs". -- Troy Bollinger troy () austin ibm com AIX Security Development security-alert () austin ibm com PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
Current thread:
- Re: AUTORUN.INF Vulnerability, (continued)
- Re: AUTORUN.INF Vulnerability Valentin Pletzer (Feb 20)
- MMDF Ran Atkinson (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bennett Todd (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Dennis Taylor (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Kevin Hillabolt (Feb 14)
- AIX SNMP Defaults harikiri (Feb 15)
- Re: AIX SNMP Defaults Michal Zalewski (Feb 17)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 21)
- riched32.dll buffer overflow Pauli Ojanpera (Feb 21)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 17)
- Security Bulletins Digest Aleph One (Feb 17)
- AIX SNMP Defaults harikiri (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Jordan Ritter (Feb 15)