Re: [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability

[chris_calabrese () YAHOO COM (Chris Calabrese)]

> 1. The creation of temporary file of SNMP daemon

As far as I can tell, the worst thing you can do
with this is modify the log entries.
Not a good thing, but not like you can become
root or anything.  Of course, even if the file
permissions problem were fixed, I'm guessing
the thing would still follow sym-links, re-use
existing files owned by other users, etc.
The right thing to do is log to syslog and not
use a file in /tmp.

> 2. The permission for the set-up file of SNMP daemon

Actually, there's an HP patch for this
problem already.  The trouble is that they
never put out a security advisory, so very
few people know about it. (I even searched
on their web page in case I had missed
it some how).

The base patches are PHSS_20543 (10.20)
and PHSS_20544 (11.00).

They're also in the OV EMANATE14.2
Agent Consolidated Patch (HP speak for
an snmpd jumbo patch) PHSS_20543 (10.20)
and PHSS_21046 (11.00)

The patch doesn't actually chmod
the file, so you still need to do a
  chmod 700 /etc/SnmpAgent.d/snmpd.conf
after you install it.

And...the file still gets recreated on
startup, so if you're running Tripwire
you'll see the file inode, mtime, and ctime
change and the directory mtime change.
You can handle it with something like this:
  /etc/SnmpAgent.d        R-imc


--
chris_calabrese () yahoo com

__________________________________________________
Do You Yahoo!?
Yahoo! Photos -- now, 100 FREE prints!
http://photos.yahoo.com