Bugtraq mailing list archives
Re: ISS Security Advisory: Hidden community string in SNMP
From: rmuzzio () ZDNETMAIL COM (Raphael Muzzio)
Date: Sun, 15 Nov 1998 19:03:55 -0700
Roland, Actually the message posted by X-Force is referring to backdoor passwords found embedded in the binaries in the Solaris and HP SNMP agents listed. I have noticed X-Force advisories typically are not full disclosure, so I went ahead and dug into the agents with a binary editor and found the following passwords: Solaris: all private HP: snmpd These passwords are NOT stored in the snmp.conf, and as far as I can tell from testing, cannot be disabled. I have not tested against the patched versions of the Sun binaries - can someone try this community string on the new agents? In the last few months this list has seen backdoors in 3COM, HP and Sun products. Is this common practice among vendords today? -Raphael Roland Grefer (btirg () ui uis doleta gov) Thu, 5 Nov 1998 16:25:20 -0500 In reply to: Jean Chouanard: "Re: ISS Security Advisory: Hidden community string in SNMP"
At 02:47 PM 11/2/98 -0800, someone using X-Force's login wrote:ISS Security Advisory November 2nd, 1998 Hidden community string in SNMP implementation
The community string in the SNMP implementation actually is NOT hidden, but rather accessible in plain text form in /etc/snmp/conf/snmp.conf (by default there, or another location when modified; snmpdx usually should be started with the "-c /pathname/snmp.conf" option to control which configuration file is being used. The relevant entries are the strings assigned to system-group-read-community public system-group-write-community private read-community public write-community private It is recommended that these "passwords" be changed from their default values (above: public/private) to avoid security compromises. Free web-based email, anytime, anywhere! ZDNet Mail - http://www.zdnetmail.com
Current thread:
- ISS Security Advisory: Hidden community string in SNMP X-Force (Nov 02)
- Re: ISS Security Advisory: Hidden community string in SNMP Jean Chouanard (Nov 04)
- Re: ISS Security Advisory: Hidden community string in SNMP Roland Grefer (Nov 05)
- <Possible follow-ups>
- Re: ISS Security Advisory: Hidden community string in SNMP Davin Milun (Nov 05)
- Re: ISS Security Advisory: Hidden community string in SNMP Raphael Muzzio (Nov 15)
- Re: ISS Security Advisory: Hidden community string in SNMP sugarat (Nov 15)
- Re: ISS Security Advisory: Hidden community string in SNMP Matt M. Morris (Nov 16)
- Re: ISS Security Advisory: Hidden community string in SNMP sugarat (Nov 16)
- Re: ISS Security Advisory: Hidden community string in SNMP Matt M. Morris (Nov 17)
- nftp vulnerability (fwd) Eric Wanner (Nov 16)
- ISSalert: ISS Security Update Aleph One (Nov 16)
- Re: ISS Security Advisory: Hidden community string in SNMP sugarat (Nov 15)
- Re: ISS Security Advisory: Hidden community string in SNMP Jean Chouanard (Nov 04)
- Re: ISS Security Advisory: Hidden community string in SNMP Matt M. Morris (Nov 16)
- Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Nov 16)
- KDE 1.0's klock can be used to gain root priveledges HD Moore (Nov 16)
- Re: KDE 1.0's klock can be used to gain root priveledges Phillip Vandry (Nov 17)