Full Disclosure mailing list archives
Re: on topic - cisco snmp
From: Ilker Temir <itemir () cisco com>
Date: Sat, 7 Jun 2003 17:44:43 +0200 (CEST)
This is in response to the e-mail sent by Lee E. Rian. The original e-mail is available at http://lists.netsys.com/pipermail/full-disclosure/2003-June/010153.html

Hello Lee,

Thank you for notifying us about this issue. We have updated the examples at http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800948e6.shtml and excluded the MIBs that may create a security exposure.

We are always very interested in vulnerability reports regarding our products and welcome the chance to work with security researchers. Such reports should be directly sent to our team at psirt () cisco com or to security-alert () cisco com for emergency response.

Thank you again,

Regards,
--
Ilker Temir
Incident Manager, PSIRT
Cisco Systems, Inc.
+32 2 704-6031
http://www.cisco.com/go/psirt

On Fri, 6 Jun 2003 lee.e.rian () census gov wrote:
If you follow Cisco's suggested work-around for SNMP causes high CPU utilization you might be exposing the write community string.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800948e6.shtml has the following instructions:

  To avoid performance issues, force the router to prematurely end queries for the route table from the network management system server. Configure the router to respond with a complete message as soon as it receives the start of a request for the route table, as follows:

    snmp-server view cutdown internet included
    snmp-server view cutdown ipRouteTable excluded
    snmp-server view cutdown ipNetToMediaTable excluded
    snmp-server view cutdown at excluded
    snmp-server community public view cutdown RO
    snmp-server community private view cutdown RW

The problem is that the View-based Access Control MIB is now included in the read-only view:

  snmpwalk -c public -v 2c c800 vacmAccessWriteViewName
  .iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."public"."".1.noAuthNoPriv =
  .iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."public"."".2.noAuthNoPriv =
  .iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."private"."".1.noAuthNoPriv = cutdown
  .iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."private"."".2.noAuthNoPriv = cutdown

Fix is to remove the Vacm MIB from the view by adding

  snmp-server view cutdown internet.6.3.16 excluded

  c800#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  c800(config)#snmp-server view cutdown internet.6.3.16 excluded
  c800(config)#end
  c800#

  snmpwalk -c public -v 2c c800 vacmAccessWriteViewName
  .iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName = No more variables left in this MIB View

Lee

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
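As an added example (not part of the thread, and not a Cisco tool), here is a Python check that applies Lee's finding to a saved configuration: it parses the snmp-server view and community lines, evaluates view membership with the most-specific rule winning, and reports which read-only communities can still walk vacmAccessWriteViewName, whose row index carries the group (community) name. The name-to-OID table, the column OID and the most-specific-rule-wins semantics are my own assumptions; the sample configuration is constructed from the tech-note snippet quoted in the post.

```python
import re

# Constructed example, not Cisco's code. MIB names resolved by hand (assumption):
OID_NAMES = {"internet": "1.3.6.1", "at": "1.3.6.1.2.1.3",
             "ipRouteTable": "1.3.6.1.2.1.4.21", "ipNetToMediaTable": "1.3.6.1.2.1.4.22"}
# vacmAccessWriteViewName column under snmpVacmMIB (internet.6.3.16); its row index
# carries the group (= community) name, which is what the walk in the post leaked.
VACM_WRITE_VIEW_NAME = (1, 3, 6, 1, 6, 3, 16, 1, 4, 1, 6)  # assumed column OID

def resolve(oid_tree):
    """'internet.6.3.16' -> (1, 3, 6, 1, 6, 3, 16); leading name from OID_NAMES, rest numeric."""
    head, _, tail = oid_tree.partition(".")
    full = OID_NAMES.get(head, head) + ("." + tail if tail else "")
    return tuple(int(x) for x in full.split("."))

def parse_config(config):
    """Return ({view: [(oid_prefix, included)]}, {community: (view_or_None, 'RO'|'RW')})."""
    views, communities = {}, {}
    for line in config.splitlines():
        m = re.match(r"snmp-server view (\S+) (\S+) (included|excluded)$", line.strip())
        if m:
            views.setdefault(m[1], []).append((resolve(m[2]), m[3] == "included"))
        m = re.match(r"snmp-server community (\S+)(?: view (\S+))? (RO|RW)$", line.strip())
        if m:
            communities[m[1]] = (m[2], m[3])
    return views, communities

def visible(rules, oid):
    """Is oid inside the view? Assumption: the longest matching rule prefix wins; no match hides it."""
    best = None
    for prefix, included in rules:
        if oid[:len(prefix)] == prefix and (best is None or len(prefix) > len(best[0])):
            best = (prefix, included)
    return best is not None and best[1]

def ro_communities_exposing_vacm(config):
    """RO communities whose view (or lack of one) lets vacmAccessWriteViewName be walked."""
    views, communities = parse_config(config)
    return sorted(c for c, (view, mode) in communities.items() if mode == "RO"
                  and (view is None or visible(views.get(view, []), VACM_WRITE_VIEW_NAME)))

# Constructed input: the tech-note snippet from the post, then with Lee's extra line.
TECH_NOTE = """snmp-server view cutdown internet included
snmp-server view cutdown ipRouteTable excluded
snmp-server view cutdown ipNetToMediaTable excluded
snmp-server view cutdown at excluded
snmp-server community public view cutdown RO
snmp-server community private view cutdown RW
"""
FIXED = TECH_NOTE + "snmp-server view cutdown internet.6.3.16 excluded\n"
```

Running ro_communities_exposing_vacm on TECH_NOTE flags "public"; on FIXED it reports nothing, while sysDescr and the other mib-2 objects stay visible and ipRouteTable stays hidden.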
Current thread:
- on topic - cisco snmp lee . e . rian (Jun 06)
- Re: on topic - cisco snmp Ilker Temir (Jun 07)