Bugtraq mailing list archives

Re: ISSalert: ISS Security Update


From: thughes () CISCO COM (topher)
Date: Tue, 17 Nov 1998 16:12:17 +0000


Hidden community string in SNMP implementation

Synopsis:

Internet Security System (ISS) X-Force has discovered a serious
vulnerability in Sun Microsystems(r) Solstice(tm) Enterprise Agent(tm)
and the Solaris operating system.  This SNMP hidden community string is
hard coded into the binary and can not be configured nor is it in the
configuration files.  The hidden Sun SNMP community word is not the same
as the hidden HP SNMP community string.  This vulnerability allows
attackers to execute arbitrary commands with root privileges, manipulate
system parameters, and kill processes.

We're having some interesting results with this. In version 1.0.3 of the
SEA SDK (as opposed to just the runtime stuff), the strings 'all public'
and 'all private' are present in the mibiisa binary. It is possible to
read the entire MIB using the 'all private' COI; however, we are having
difficulty using either 'private' or 'all private' to write values. This
includes when we have actually configured the SNMP daemon to use
private. =-)

On a system using 1.0.1 it is possible to use 'all private' to kill
processes, kill connections, etc. Interestingly, it is also possible
to use 'private' to change the system information. Again, as far as we
can tell, we are _not_ using private as a COI when we can change these
values.

We did not attempt any spoofing.


                                                --topher
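The thread above is about requests arriving with a community string that was never configured ('all private', 'all public'). As an added example that is not part of the original post, here is a minimal SNMPv1 BER parser that pulls the community string and PDU type out of a raw datagram so a monitor can flag such requests; the packet builder, the sample packets and the alert policy are constructed for illustration and are assumptions, not anything from the thread.

```python
# Added example, not from the original post. Parses SNMPv1/v2c community-based
# messages (SEQUENCE { INTEGER version, OCTET STRING community, PDU }) and flags
# requests that carry the hidden SEA communities discussed in the thread, or any
# community not in the site's configured set. Policy and samples are assumptions.
from typing import Tuple

# Community strings named in the thread as hidden in the mibiisa binary.
HIDDEN_COMMUNITIES = {b"all private", b"all public"}
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}


def _tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one BER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (0x8N + N bytes)
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp(datagram: bytes) -> Tuple[int, bytes, str]:
    """Return (version, community, pdu_name) for a community-based SNMP message."""
    tag, body, _ = _tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    tag, community, pos = _tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = _tlv(body, pos)
    return int.from_bytes(ver, "big"), community, PDU_NAMES.get(pdu_tag, hex(pdu_tag))


def classify(datagram: bytes, allowed: set) -> str:
    """Assumed policy: hidden community -> alert; unconfigured -> suspect; else ok."""
    _, community, pdu = parse_snmp(datagram)
    if community in HIDDEN_COMMUNITIES:
        return f"alert: hidden community {community!r} used in {pdu}"
    if community not in allowed:
        return f"suspect: unconfigured community {community!r} used in {pdu}"
    return "ok"


def build_request(community: bytes, pdu_tag: int = 0xA0) -> bytes:
    """Constructed sample: SNMPv1 request (request-id 1, no varbinds) for testing."""
    def ber(tag: int, payload: bytes) -> bytes:
        return bytes([tag, len(payload)]) + payload       # short-form lengths only
    pdu = ber(pdu_tag, ber(2, b"\x01") + ber(2, b"\x00") + ber(2, b"\x00") + ber(0x30, b""))
    return ber(0x30, ber(2, b"\x00") + ber(4, community) + pdu)


if __name__ == "__main__":
    for pkt in (build_request(b"public"), build_request(b"all private", 0xA3)):
        print(classify(pkt, {b"public"}))
```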
