Bugtraq mailing list archives
ucd snmp vacm's public community access auth probs?
From: ruka () MY-DEJANEWS COM (+ +)
Date: Tue, 6 Apr 1999 03:09:55 -0800
I have found a feature in the vacm ucd-snmp v3.52 and v3.6, when setting up snmp services under Linux RH 5.2. By default, v3.5.2 always delivers the system mib subtree and v3.6 the entire mib tree. Both requests are made with the public community name. All the machines capable of connecting to your snmp port, will have access to that information. Quite contrary to what the documentation says, you can't change this behaviour with the vacm configuration file (/etc/snmp/snmpd.conf). You can try, but it's ignored. I have tried to change v3.5.2, since I needed the entire mib tree for monitoring the Linux machines with Netview, under the public community. A quick and dirty fix for 3.5.2 is changing the source file snmplib/snmp_api.c. Where you are reading DEFAULT_COMMUNITY "public", change the public string to something hard to guess (and make it long, too). After compiling and instaling the modified snmpd, you can configure the public community as you wish. This quirk doesn't work anymore for v3.6. A workaround for restriting access could be ipchains rules under Linux. Regards, Rui --- Rui Fernando Ferreira Ribeiro IT Consultant CASE -----== Sent via Deja News, The Discussion Network ==----- http://www.dejanews.com/ Easy access to 50,000+ discussion forums
Current thread:
- Re: Possible local DoS in sendmail, (continued)
- Re: Possible local DoS in sendmail KuRuPTioN (Apr 01)
- Re: Possible local DoS in sendmail Gregory Neil Shapiro (Apr 02)
- Re: Possible local DoS in sendmail Michał Szymański (Apr 02)
- Long-standing bug in AustNet IRC network Virtual World Grant Bayley (Apr 02)
- Re: Long-standing bug in AustNet IRC network Virtual World Paul McGovern (Apr 05)
- Re: Long-standing bug in AustNet IRC network Virtual World Henrik Edlund (Apr 06)
- Re: Long-standing bug in AustNet IRC network Virtual World Sean Kelly (Apr 07)
- Netcache snmp behaviour Marco Davids (Apr 06)
- Procmail version 3.13.1 released Philip Guenther (Apr 06)
- Digital Unix 4.0E /var permission Harhalakis Stefanos (Apr 04)
- ucd snmp vacm's public community access auth probs? + + (Apr 06)
- Re: Digital Unix 4.0E /var permission implosion (Apr 06)
- Re: Digital Unix 4.0E /var permission Harhalakis Stefanos (Apr 06)
- rsync 2.3.1 release - security fix Andrew Tridgell (Apr 07)