Fujitsu ServerView MIB Tree Local Modification

2004-09-06T00:00:00
ID OSVDB:9747
Type osvdb
Reporter l0om(l0om@excluded.org)
Modified 2004-09-06T00:00:00

Description

Vulnerability Description

File "/usr/share/snmp/mibs/.index", which stores information about paths to MIB structure files, is world writeable. This can be exploited to manipulate arbitrary content in the file and corrupt the MIB tree.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Change permission of /usr/share/snmp/mibs/.index to 664

Short Description

File "/usr/share/snmp/mibs/.index", which stores information about paths to MIB structure files, is world writeable. This can be exploited to manipulate arbitrary content in the file and corrupt the MIB tree.

Manual Testing Notes

Check the "/usr/share/snmp/mibs/.index" file permissions.

References:

Security Tracker: 1011168 Secunia Advisory ID:12490 Other Advisory URL: http://www.excluded.org/advisories/advisory15.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0056.html