[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AIX SNMP Defaults

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: AIX SNMP Defaults
From: harikiri <harikiri@ATTRITION.ORG>
Date: Tue, 15 Feb 2000 18:58:06 -0600

Following on from Michael Zalewski's recent SNMP post, here's an issue i
noted on two AIX systems.

NOTE: This was seen on both AIX 4.3 and 4.2.

It appears that on the above releases of AIX, the SNMP daemon is enabled
by default and two community names are enabled with read/write privileges.
The community names are "private" and "system", but are only allowed from
localhost connections. Nevertheless, a local user may install an SNMP
client, and modify sensitive variables.

Excerpt from /etc/snmpd.conf:

        <snip>

        # 2. Set the community names and access privileges for hosts that can 
make
        #    requests of this snmpd agent.  Define these restrictions as 
follows:
        #
        #       community  <name>  <address>  <netmask>  <permissions> <view 
name>

        <snip>

        community       public
        community       private 127.0.0.1 255.255.255.255 readWrite
        community       system  127.0.0.1 255.255.255.255 readWrite 1.17.2

harikiri

Prev by Date: Re: DDOS Attack Mitigation
Next by Date: Re: FireWall-1 FTP Server Vulnerability
Prev by thread: Re: Doubledot bug in FrontPage FrontPage Personal Web Server.
Next by thread: Re: AIX SNMP Defaults
Index(es):
- Date
- Thread