This brings to mind the question which I always ask the thin air around me when discussing SNMP: why the heck are security software vendors developing NEW versions of their software WITHOUT snmpv3 capabilities?? Is it truly too difficult to assign a developer to change the entire trap module over to v3? New "updates" and entire new "versions" of some of today's most popular devices and software still use v1 only... I won't name names.

From a penetration perspective, ty for making my job easier. From the consulting perspective, FIX IT, NOW!

-Oliver p.
Computer Intrusion Analyst
Aegis Research Corp.

-----Original Message-----
From: Dave Ryan [mailto:dave.ryanat_private]
Sent: Tuesday, July 17, 2001 3:47 PM
To: Peter Van Epp
Cc: pen-testat_private
Subject: Re: snmp vulnerablities

Peter Van Epp said the following on Tue, Jul 17, 2001 at 11:06:17AM -0700,

> My guess would be that the original poster is trying to exploit the
> Solaris SNMP hole (where an echo might make some sense since it's a Unix box)
> but didn't know it (or at least didn't articulate it). It came across bugtraq
> some time ago so a search in the bugtraq archives may be productive. I didn't
> look closer than to make sure we had already disabled the program involved
> (probably by removing the SUID bit from the program) so I didn't check the
> details.

Correct, for general consumption:

http://www.hack.co.za/download.php?sid=1377

As for comments on protecting SNMPv1 with ACLs and obfuscated Community Strings, that is laughable at best. A better solution is to run with SNMPv3 using AuthPriv functionality, seems like some of the popular management systems don't yet support v3 capabilities. Other solution is to tunnel SNMPv1/2c over IPSec, varying configurations, I would be more concerned with management<->host authentication than going full ESP, but circumstances dictate.

Regards.

--
Dave Ryan
Computer Incident Response Team
dave.ryanat_private
Eircom Multimedia

"I see dumb people. All the time." - Simple Nomad

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 10:07:52 PDT