solaris.snmpd.txt

`Date: Mon, 2 Nov 1998 17:47:32 -0500  
From: X-Force <[email protected]>  
To: [email protected]  
Subject: ISS Security Advisory: Hidden community string in SNMP implementation  
  
-----BEGIN PGP SIGNED MESSAGE-----  
  
  
ISS Security Advisory  
November 2nd, 1998  
  
Hidden community string in SNMP implementation  
  
Synopsis:  
  
Internet Security System (ISS) X-Force has discovered a serious vulnerability  
in Sun Microsystems Solstice Enterprise Agent and the Solaris operating system.  
This vulnerability allows attackers to execute arbitrary commands with root  
privileges, manipulate system parameters and kill processes.  
  
Affected Systems:  
  
ISS X-Force has discovered that this vulnerability is present on the Solaris  
Operating System version 2.6. Earlier versions are vulnerable. Solaris 2.7  
beta is also not vulnerable.  
  
Fix Information:  
  
Sun has made the following patch available:  
  
106787-02: Solaris 5.6  
  
Many administrators have no need for host based SNMP agents. Administrators  
can disable the SNMP daemons temporarily by executing the following commands:  
  
# /etc/init.d/init.snmpdx stop  
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx  
  
Description:  
  
The vulnerabilities are present in the SNMP daemons shipping with Solaris 2.6.  
Solaris 2.6 is configured by default to support SNMP. A hidden and  
undocumented community string is present in the SNMP subagent which may allow  
remote attackers change most system parameters. Remote attackers may kill any  
process, update routes, potentially sidestep firewalls or disable network  
interfaces. Most notably, attackers may indirectly execute arbitrary commands  
with superuser privileges.  
  
This vulnerability is compounded by the fact that these SNMP daemons are  
configured and executed by default. Attackers do not need local access to the  
target host to exploit this vulnerability.  
  
Additional Information:  
  
ISS Internet Scanner and ISS RealSecure real-time intrusion detection software  
have the capability to detect these vulnerabilities.  
  
- ----------  
  
Copyright (c) 1998 by Internet Security Systems, Inc.  
  
Permission is hereby granted for the redistribution of this alert  
electronically. It is not to be edited in any way without express consent  
of X-Force. If you wish to reprint the whole or any part of this alert in  
any other medium excluding electronic medium, please e-mail [email protected]  
for permission.  
  
Disclaimer  
The information within this paper may change without notice. Use of this  
information constitutes acceptance for use in an AS IS condition. There are  
NO warranties with regard to this information. In no event shall the author  
be liable for any damages whatsoever arising out of or in connection with  
the use or spread of this information. Any use of this information is at  
the user's own risk.  
  
X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as  
well as on MIT's PGP key server and PGP.com's key server.  
  
X-Force Vulnerability and Threat Database: http://www.iss.net/xforce  
  
Please send suggestions, updates, and comments to:  
X-Force <[email protected]> of Internet Security Systems, Inc.  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: 2.6.3a  
Charset: noconv  
  
iQCVAwUBNj4p8TRfJiV99eG9AQEABAQAoiiMDK/lRoYk9OmVvQjPe3asJ+++foIR  
6U41EtCXF4R38po2GtBeIA8C2XCgAEzbs+dfawJJx2emgecuJSIMrg0byhPesgxn  
jgAtL/j3k7R2rf+Qp6pIwgJ6pWQiF86H812HwUVbOaE+BBfyUPpxlPWtNrGVFqcb  
Rs6dobk2GZg=  
=XX5W  
-----END PGP SIGNATURE-----  
  
`