Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: AIX SNMP Defaults

Re: AIX SNMP Defaults

From: Troy Bollinger <troy_at_AUSTIN.IBM.COM>
Date: Thu, 17 Feb 2000 08:57:06 -0600

Quoting harikiri (harikiri_at_ATTRITION.ORG):
>
> It appears that on the above releases of AIX, the SNMP daemon is enabled
> by default and two community names are enabled with read/write privileges.
> The community names are "private" and "system", but are only allowed from
> localhost connections. Nevertheless, a local user may install an SNMP
> client, and modify sensitive variables.
>

This is fixed in AIX 4.3 with APAR IY04865 and was announced on the
Security_APARs mailing list from aixserv_at_austin.ibm.com in January.

Customers wishing to subscribe to this list should send email to
aixserv_at_austin.ibm.com with a subject of "Subscribe Security_APARs". 

--
Troy Bollinger                            troy_at_austin.ibm.com
AIX Security Development        security-alert_at_austin.ibm.com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
Received on Feb 17 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos