Re: ISS Security Advisory: Hidden community string in SNMP

From: Matt M. Morris (mmorrisat_private)
Date: Tue Nov 17 1998 - 07:26:28 PST

Next message: David LeBlanc: "Re: NAI-30: Windows NT SNMP Vulnerabilities"

Previous message: Martin Schulze: "Re: [Linux] klogd 1.3-22 buffer overflow"
Maybe in reply to: X-Force: "ISS Security Advisory: Hidden community string in SNMP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>We have tried a box, Solaris 2.6 patched to current (current as of
september),
>that is running the default Sun snmpd binary.  The hidden community
>"all private" worked from local and remote machines.

I setup my Ultra 1 with 2.6 -- unpatched -- with the HPOV B.05.01 snmpdm.
I could not get it to work remotely.  Hopefully HPs patch for Solaris NNM
will fix.

>I'm not quite sure what we're going to do about this, but on non critical
>boxes, ie: the ones we watch only for cold start traps, we have turned of
>snmpd and use shell scripts that call snmptrap to send the traps we need to
>receive.

Patiently awaiting HP's patches to be released....   <tap, tap....>them.
>
>-Tim
>--

-matt



Matt M. Morris
Consultant


Onion Peel Solutions                    Ph: (919) 821-8004  x242
3101 Industial Drive, Suite 200         Fx: (919) 821-3364
Raleigh, NC 27609                       http://www.ops.com

Next message: David LeBlanc: "Re: NAI-30: Windows NT SNMP Vulnerabilities"
Previous message: Martin Schulze: "Re: [Linux] klogd 1.3-22 buffer overflow"
Maybe in reply to: X-Force: "ISS Security Advisory: Hidden community string in SNMP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:43 PDT