Re: ISS Security Advisory: Hidden community string in SNMP

From: Roland Grefer (btirgat_private)
Date: Thu Nov 05 1998 - 13:25:20 PST


    > At 02:47 PM 11/2/98 -0800, someone using X-Force's login wrote:
    > >
    > >ISS Security Advisory
    > >November 2nd, 1998
    > >
    > >Hidden community string in SNMP implementation
    
    The community string in the SNMP implementation actually is NOT hidden,
    but rather accessible in plain text form in
    
            /etc/snmp/conf/snmp.conf
    
    (by default there, or another location when modified; snmpdx usually
    should be started with the "-c /pathname/snmp.conf" option to control
    which configuration file is being used).
    
    The relevant entries are the strings assigned to
    
            system-group-read-community     public
            system-group-write-community    private
            read-community                  public
            write-community                 private
    
    It is recommended that these "passwords" be changed from their default
    values (above: public/private) to avoid security compromises.
    
    > >ISS X-Force has discovered that this vulnerability is present on the Solaris
    > >Operating System version 2.6.  Earlier versions are vulnerable.  Solaris 2.7
    > >beta is also not vulnerable.
    
    Could anybody please clarify which versions are deemed vulnerable and
    which ones are "also not"?
    
    > >Sun has made the following patch available:
    > >
    > >106787-02:              Solaris 5.6
    
    Sun does NOT claim this patch to fix any of the issues stated in the ISS
    advisory.
    
    In fact, the above patch fixes different vulnerabilities in snmpdx, which
    could be exploited by a DoSA or malicious user
    
            pre-patch it deletes an agent from the agent table when queried
            with an incorrect "read string"
    
            a couple of (configuration) files are installed world writable
    
    
    > >ISS Internet Scanner and ISS RealSecure real-time intrusion detection software
    > >have the capability to detect these vulnerabilities.
    
    Could it be that this advertising was a/the hidden agenda?
    
    Regards,
    Roland
    
    --
    - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - -
    Roland Grefer          | Department of Labor      | Ph: +1-202-219-8432x365
    Senior Systems Analyst | Nat'l Office ETA/UIS/DIT | Fx: +1-202-219-8506
    -=|=- -=|=- -=|=- -=|=-| 200 Constitution Ave, NW | -=|=- -=|=- -=|=- -=|=-
    Base Technologies, Inc | Washington, DC 20210     | btirgat_private
    - - - - - - - - - - - - - - Speaking for myself - + - - - - - - - - - - - -
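
A check for the two conditions this message describes, community strings left at public/private in snmp.conf and configuration files installed world writable, as an added example that is not part of the original post or of Sun's tooling. The function names and the sample file contents are constructed; the keyword names come from the message.

```shell
#!/bin/sh
# Added example: audit an snmpdx-style snmp.conf for default community
# strings and world-writable permissions. Function names are hypothetical.

# Print one finding per community keyword still set to public/private.
default_communities() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments, blanks, bare keywords
        $1 ~ /^(system-group-)?(read|write)-community$/ &&
        ($2 == "public" || $2 == "private") {
            printf "%s: line %d: %s is default \"%s\"\n", FILENAME, FNR, $1, $2
        }
    ' "$1"
}

# Succeed when the "other write" permission bit is set on the file.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Exit status: 0 = clean, 1 = at least one finding, 2 = file unreadable.
audit_snmp_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "$conf: not readable" >&2; return 2; }
    findings=$(default_communities "$conf")
    if [ -n "$findings" ]; then echo "$findings"; rc=1; fi
    if world_writable "$conf"; then echo "$conf: world writable"; rc=1; fi
    return $rc
}

# Constructed sample, not taken from a real host: three defaults, one changed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
system-group-read-community     public
system-group-write-community    private
read-community                  k3ep-0ut-ro
write-community                 private
EOF
chmod 666 "$sample"
audit_snmp_conf "$sample" || echo "status $?: change the strings and fix the mode"
rm -f "$sample"
```

On a real host, pass the file snmpdx was started with, for example `audit_snmp_conf /etc/snmp/conf/snmp.conf`.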
    


