Bugtraq mailing list archives

Re: NAI-30: Windows NT SNMP Vulnerabilities


From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Wed, 18 Nov 1998 21:07:56 -0500


At 11:51 AM 11/18/98 -0800, Dave G. wrote:


There is another dangerous 'feature' with regards to SNMP community names
under Windows NT 4.0 (SP3).  If SNMP is enabled, and there are no
community names configured (under Settings -> Control Panel -> Network
-> Services -> SNMP Service -> Security -> Accepted Community Names)
any community name will be valid, and will (obviously) have read/write
privileges.  I was unable to find anything that documented this behavior,
and as you can imagine, I was quite surprised when I accidentally
discovered this.

This is actually as per RFC 1157, and is documented on page 532 of the
Server Networking Guide from the NT Resource kit.  We check for that in the
ISS Scanner, too.  IIRC, so does CyberCop.  This behavior is true of just
about any implementation of SNMP which goes by the RFC.  I agree with Mike
Warfield's assertion that SNMP stands for Security Not My Problem.


David LeBlanc
dleblanc () mindspring com
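
The behaviour discussed in this thread, modelled as an added example that is not part of either message: it parses the community name and PDU type out of SNMPv1 messages (RFC 1157 layout) and reports what an agent with an empty accepted-community list would do with them. The packets, community names and function names are constructed for illustration.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}  # RFC 1157 tags

def tlv(tag, body):  # encode one BER TLV, short length form (used for samples only)
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_snmpv1(packet):
    """Return (community, pdu_tag) from an RFC 1157 message."""
    tag, msg, _ = read_tlv(packet, 0)
    vtag, version, pos = read_tlv(msg, 0)
    ctag, community, pos = read_tlv(msg, pos)
    pdu_tag, _, _ = read_tlv(msg, pos)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or version != b"\x00":
        raise ValueError("not an SNMPv1 message")
    return community.decode("latin-1"), pdu_tag

def verdict(community, accepted):
    """Model of the behaviour reported in the thread, not the NT agent's code."""
    if not accepted:
        return "accepted read/write: no community names configured"
    return "accepted" if community in accepted else "rejected"

def audit(packets, accepted):
    """Return (community, pdu, verdict) per packet for one configuration."""
    rows = []
    for pkt in packets:
        community, pdu = parse_snmpv1(pkt)
        rows.append((community, PDU_NAMES.get(pdu, hex(pdu)), verdict(community, accepted)))
    return rows

def sample(community, pdu_tag):
    """Build a constructed SNMPv1 message with an empty variable-binding list."""
    pdu = tlv(pdu_tag, tlv(2, b"\x01") + tlv(2, b"\x00") * 2 + tlv(0x30, b""))
    return tlv(0x30, tlv(2, b"\x00") + tlv(4, community.encode()) + pdu)

SAMPLES = [sample("public", 0xA0), sample("anything", 0xA3)]
```

Calling `audit(SAMPLES, [])` shows both requests accepted, while `audit(SAMPLES, ["public"])` rejects the SetRequest that carries the unlisted name.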


