Bugtraq mailing list archives
Re: snmp problems still alive...
From: drajnovi () CISCO COM (Damir Rajnovic)
Date: Thu, 17 Feb 2000 14:47:54 +0000
Hello there,

Since I am mentioned here it deserves a reply.

At 18:18 15/02/2000 -0500, John Comeau wrote:
> Cisco 1924s for sure have "public" as rw string and "private" for ro, and I'm about 80% sure the 2924 does too. Many Cisco routers have an snmp "feature" with security ramifications which Damir Rajnovic has agreed to post to Bugtraq (as of Jan. 1), but I guess Cisco's lawyers have to hash it out for a few more weeks before he'll be allowed to. If he doesn't, I will - jc

I still owe a reply to John and a wider audience and I am aware of that. It is true that John found a 'feature' that is a cause of some concern and the only reason why I did not disclose it is that it is not fixed yet. I am assuring you that lawyers do not have anything to do with that.

A fix is a documentation fix. I was assured by people who are writing that part of code (SNMP) that this particular behavior is according to the specification (SNMPv3). Mind you, I am not downplaying the significance of that issue but merely stating the facts.

Cheers,
Gaus

==============
Damir Rajnovic <psirt () cisco com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There are no insolvable problems. Question remains: can you accept the solution?