Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: ISS Security Advisory: Hidden community string in SNMP

Re: ISS Security Advisory: Hidden community string in SNMP

Raphael Muzzio (rmuzzioZDNETMAIL.COM)
Sun, 15 Nov 1998 19:03:55 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Tobkin: "Re: Administrivia"
Previous message: Bill Paul: "Re: (spoofed) RPC portmapper set/unset"
Maybe in reply to: X-Force: "ISS Security Advisory: Hidden community string in SNMP"
Next in thread: Matt M. Morris: "Re: ISS Security Advisory: Hidden community string in SNMP"

Roland,

Actually the message posted by X-Force is referring to backdoor passwords found embedded in the binaries in the Solaris and HP SNMP agents listed.  I have noticed X-Force advisories typically are not full disclosure, so I went ahead and dug into the agents with a binary editor and found the following passwords:

Solaris: all private
HP: snmpd

These passwords are NOT stored in the snmp.conf, and as far as I can tell from testing, cannot be disabled.  I have not tested against the patched versions of the Sun binaries - can someone try this community string on the new agents?

In the last few months this list has seen backdoors in 3COM, HP and Sun products.  Is this common practice among vendords today?

-Raphael

Roland Grefer (btirgui.uis.doleta.gov)
Thu, 5 Nov 1998 16:25:20 -0500

In reply to: Jean Chouanard: "Re: ISS Security Advisory: Hidden community string in SNMP"
> At 02:47 PM 11/2/98 -0800, someone using X-Force's login wrote:
> >
> >ISS Security Advisory
> >November 2nd, 1998
> >
> >Hidden community string in SNMP implementation

The community string in the SNMP implementation actually is NOT hidden,
but rather accessible in plain text form in

        /etc/snmp/conf/snmp.conf

(by default there, or another location when modified; snmpdx usually
should be started with the "-c /pathname/snmp.conf" option to control
which configuration file is being used.

The relevant entries are the strings assigned to

        system-group-read-community     public
        system-group-write-community    private
        read-community                  public
        write-community                 private

It is recommended that these "passwords" be changed from their default
values (above: public/private) to avoid security compromises.

Free web-based email, anytime, anywhere!
ZDNet Mail - http://www.zdnetmail.com

Next message: Chris Tobkin: "Re: Administrivia"
Previous message: Bill Paul: "Re: (spoofed) RPC portmapper set/unset"
Maybe in reply to: X-Force: "ISS Security Advisory: Hidden community string in SNMP"
Next in thread: Matt M. Morris: "Re: ISS Security Advisory: Hidden community string in SNMP"