Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ISS Security Advisory: Hidden community string in SNMP

From: mmorris () OPS COM (Matt M. Morris)
Date: Tue, 17 Nov 1998 10:26:28 -0500


We have tried a box, Solaris 2.6 patched to current (current as of

september),

that is running the default Sun snmpd binary.  The hidden community
"all private" worked from local and remote machines.


I setup my Ultra 1 with 2.6 -- unpatched -- with the HPOV B.05.01 snmpdm.
I could not get it to work remotely.  Hopefully HPs patch for Solaris NNM
will fix.


I'm not quite sure what we're going to do about this, but on non critical
boxes, ie: the ones we watch only for cold start traps, we have turned of
snmpd and use shell scripts that call snmptrap to send the traps we need to
receive.


Patiently awaiting HP's patches to be released....   <tap, tap....>them.


-Tim
--


-matt



Matt M. Morris
Consultant


Onion Peel Solutions                    Ph: (919) 821-8004  x242
3101 Industial Drive, Suite 200         Fx: (919) 821-3364
Raleigh, NC 27609                       http://www.ops.com
Previous By Date Next
Previous By Thread Next

Current thread: