OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: snmp problems still alive...
From: Ryan Russell (ryanSECURITYFOCUS.COM)
Date: Tue Feb 15 2000 - 21:54:09 CST

Nice summary.

> - Windows 98 (not 95) - public

You have to install the agent, it's not stock. And it's not so much that
the world-writable string is "public" as it is that there isn't one.
You'll get write access no matter what community name you use. MS made
improvments under NT, 'cause it was the same, but it's still broken in 9x
AFAIK. Check:
http://www.nai.com/nai_labs/asp_set/advisory/30_nai_snmp.asp

> - Sun/SPARC Ultra 10 (Ultra-5_10) - private

I'm sure I won't be the only one to point out that the SNMP problem is
part of the OS (Solaris 2.6 and later) not the hardware. I suspect Sparc
OpenBSD will be OK. :)

Solaris 2.6 was the first version (I believe) to install an SNMP agent as
part of a standard Solaris install. There were hard-coded SNMP community
names that gave write access. There was also a patch. Check out:
http://www.securityfocus.com/vdb/bottom.html?vid=177

At a previous job, Lucent installed a remote access server and left the
SNMP write community as public.

I don't think SNMP issues have gotten as much attention as they should.
There are some really bad things one can do. Depending on platform, you
can start and stop programs, kill processes, download all passwords, shut
down the boxes, change hardware settings, all without any loggin in most
cases.

You really want to not have this problem.

                                        Ryan