Re: ISS Security Advisory: Hidden community string in SNMP

From: Raphael Muzzio (rmuzzioat_private)
Date: Sun Nov 15 1998 - 18:03:55 PST


    Roland,
    
    Actually the message posted by X-Force is referring to backdoor passwords found embedded in the binaries in the Solaris and HP SNMP agents listed.  I have noticed X-Force advisories typically are not full disclosure, so I went ahead and dug into the agents with a binary editor and found the following passwords:
    
    Solaris: all private
    HP: snmpd
    
    These passwords are NOT stored in the snmp.conf, and as far as I can tell from testing, cannot be disabled.  I have not tested against the patched versions of the Sun binaries - can someone try this community string on the new agents?
    
    In the last few months this list has seen backdoors in 3COM, HP and Sun products.  Is this common practice among vendors today?
    
    -Raphael
    
    Roland Grefer (btirgat_private)
    Thu, 5 Nov 1998 16:25:20 -0500
    
    In reply to: Jean Chouanard: "Re: ISS Security Advisory: Hidden community string in SNMP"
    > At 02:47 PM 11/2/98 -0800, someone using X-Force's login wrote:
    > >
    > >ISS Security Advisory
    > >November 2nd, 1998
    > >
    > >Hidden community string in SNMP implementation
    
    The community string in the SNMP implementation actually is NOT hidden,
    but rather accessible in plain text form in
    
            /etc/snmp/conf/snmp.conf
    
    (by default there, or another location when modified; snmpdx usually
    should be started with the "-c /pathname/snmp.conf" option to control
    which configuration file is being used).
    
    The relevant entries are the strings assigned to
    
            system-group-read-community     public
            system-group-write-community    private
            read-community                  public
            write-community                 private
    
    It is recommended that these "passwords" be changed from their default
    values (above: public/private) to avoid security compromises.
    
    
    
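Added example, not part of either message and not vendor code: a small audit of snmp.conf text for the four community-string keys quoted above, flagging the public/private defaults and a write string that equals the read string. The function name, the sample file contents and the treatment of `#` as a comment marker are assumptions; a clean result covers only configured strings, since the embedded strings described in the first message are not stored in snmp.conf.

```python
# Added example: audit snmp.conf text for the community-string keys quoted above.
COMMUNITY_PAIRS = [  # (read key, write key), as listed in the message
    ("system-group-read-community", "system-group-write-community"),
    ("read-community", "write-community"),
]
DEFAULTS = {"public", "private"}  # default values named in the message

def audit_snmp_conf(text):
    """Return sorted (line_no, key, problem) findings; line_no 0 = key absent."""
    keys = {k for pair in COMMUNITY_PAIRS for k in pair}
    values = {}  # key -> (line number, value); a later line overrides (assumption)
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        parts = line.split(None, 1)
        if parts and parts[0] in keys:
            values[parts[0]] = (n, parts[1].strip() if len(parts) > 1 else "")
    findings = []
    for key in keys:
        if key not in values:
            findings.append((0, key, "not set in this file"))
            continue
        n, value = values[key]
        if not value:
            findings.append((n, key, "empty community string"))
        elif value.lower() in DEFAULTS:
            findings.append((n, key, "default community string"))
    # A write string identical to the read string gives every reader write access.
    for read_key, write_key in COMMUNITY_PAIRS:
        r, w = values.get(read_key), values.get(write_key)
        if r and w and w[1] and r[1] == w[1]:
            findings.append((w[0], write_key, "same string as " + read_key))
    return sorted(findings)

# Constructed sample input (not taken from a real host).
SAMPLE = """\
# constructed snmp.conf sample
system-group-read-community     public
system-group-write-community    private
read-community                  k3Qz-monitor
write-community                 k3Qz-monitor
"""

if __name__ == "__main__":
    for line_no, key, problem in audit_snmp_conf(SAMPLE):
        print(f"line {line_no}: {key}: {problem}")
```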
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:29 PDT