Bugtraq mailing list archives
Re: ISS Security Advisory: Hidden community string in SNMP
From: btirg () ui uis doleta gov (Roland Grefer)
Date: Thu, 5 Nov 1998 16:25:20 -0500
At 02:47 PM 11/2/98 -0800, someone using X-Force's login wrote:
> ISS Security Advisory
> November 2nd, 1998
> Hidden community string in SNMP implementation
The community string in the SNMP implementation actually is NOT hidden, but rather accessible in plain text form in /etc/snmp/conf/snmp.conf (by default there, or another location when modified; snmpdx usually should be started with the "-c /pathname/snmp.conf" option to control which configuration file is being used). The relevant entries are the strings assigned to
    system-group-read-community public
    system-group-write-community private
    read-community public
    write-community private
It is recommended that these "passwords" be changed from their default values (above: public/private) to avoid security compromises.
> ISS X-Force has discovered that this vulnerability is present on the Solaris Operating System version 2.6. Earlier versions are vulnerable. Solaris 2.7 beta is also not vulnerable.
Could anybody please clarify which versions are deemed vulnerable and which ones are "also not"?
> Sun has made the following patch available:
> 106787-02: Solaris 5.6
Sun does NOT claim this patch to fix any of the issues stated in the ISS advisory. In fact, the above patch fixes different vulnerabilities in snmpdx, which could be exploited by a DoSA or malicious user:
- pre-patch it deletes an agent from the agent table when queried with an incorrect "read string"
- a couple of (configuration) files are installed world writable
> ISS Internet Scanner and ISS RealSecure real-time intrusion detection software have the capability to detect these vulnerabilities.
Could it be that this advertising was a/the hidden agenda?
Regards,
Roland
--
- - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - -
Roland Grefer          | Department of Labor      | Ph: +1-202-219-8432x365
Senior Systems Analyst | Nat'l Office ETA/UIS/DIT | Fx: +1-202-219-8506
-=|=- -=|=- -=|=- -=|=-| 200 Constitution Ave, NW | -=|=- -=|=- -=|=- -=|=-
Base Technologies, Inc | Washington, DC 20210     | btirg () uis doleta gov
- - - - - - - - - - - - - - Speaking for myself - + - - - - - - - - - - - -
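
An added example, not part of the original message or of any Sun or ISS tooling: a small audit that flags `*-community` entries still set to the defaults named above (public/private) and reports whether the configuration file is world writable. It assumes whitespace-separated keyword/value lines with `#` comments, as in the entries quoted in the message; the sample input is constructed.

```python
import os
import stat

# Default values named in the message above.
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_snmp_conf(text):
    """Return (line_no, keyword, value) for each *-community entry left at a default."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        parts = line.split()
        if len(parts) < 2:
            continue  # blank line, comment, or keyword without a value
        keyword, value = parts[0], parts[1]
        if keyword.endswith("-community") and value in DEFAULT_COMMUNITIES:
            findings.append((line_no, keyword, value))
    return findings


def is_world_writable(mode):
    """True if the 'other' write bit is set in a st_mode value."""
    return bool(mode & stat.S_IWOTH)


def audit_file(path):
    """Audit one config file on disk: default communities plus permission check."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        findings = audit_snmp_conf(fh.read())
    return findings, is_world_writable(os.stat(path).st_mode)


# Constructed sample input (not taken from a real host).
SAMPLE_CONF = """\
# constructed sample
system-group-read-community   public
system-group-write-community  private
read-community                n0t-default-ro
write-community               private
"""

if __name__ == "__main__":
    for line_no, keyword, value in audit_snmp_conf(SAMPLE_CONF):
        print(f"line {line_no}: {keyword} still set to default '{value}'")
```

On a host, `audit_file("/etc/snmp/conf/snmp.conf")` (or the path passed to snmpdx with `-c`) returns the same findings plus the world-writable flag for that file.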