Bugtraq: Re: AIX SNMP Defaults

Re: AIX SNMP Defaults

From: Troy Bollinger <troy_at_AUSTIN.IBM.COM>
Date: Mon, 21 Feb 2000 16:14:42 -0600

Quoting Michal Zalewski (lcamtuf_at_DIONE.IDS.PL):
> On Tue, 15 Feb 2000, harikiri wrote:
>
> > It appears that on the above releases of AIX, the SNMP daemon is
> > enabled by default and two community names are enabled with read/write
> > privileges. The community names are "private" and "system", but are
> > only allowed from localhost connections. Nevertheless, a local user
> > may install an SNMP client, and modify sensitive variables.
>
> SNMP requests with no authentication except for source-IP comparison are
> spoofable.
>

All recent versions of AIX discard packets with a source address of
loopback when the packet comes in on an external interface. The
following APARs have been available for over 2 years:

   Abstract: SECURITY: discard loopback packets on external interfaces
   4.1.x APAR: IX71366
   4.2.x APAR: IX71405
   4.3.x APAR: included in 4.3.0 initial release

--
Troy Bollinger                            troy_at_austin.ibm.com
AIX Security Development        security-alert_at_austin.ibm.com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
Received on Feb 22 2000
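
The ingress rule described in the reply above (drop packets that claim a loopback source but arrive on an external interface), sketched in C as an added example. It is not AIX source and not code from the original post; the function name, verdict names and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { PKT_ACCEPT = 0, PKT_DROP_MALFORMED = 1, PKT_DROP_LOOPBACK_SRC = 2 };

/* Constructed sample: UDP datagram to port 161 (SNMP) claiming source 127.0.0.1. */
static const uint8_t SPOOFED[28] = {
    0x45, 0x00, 0x00, 0x1c, 0, 0, 0, 0, 0x40, 0x11, 0, 0,
    127, 0, 0, 1, 192, 0, 2, 10,
    0x04, 0x00, 0x00, 0xa1, 0x00, 0x08, 0, 0 };
/* Constructed sample: the same datagram with an ordinary source, 192.0.2.55. */
static const uint8_t NORMAL[28] = {
    0x45, 0x00, 0x00, 0x1c, 0, 0, 0, 0, 0x40, 0x11, 0, 0,
    192, 0, 2, 55, 192, 0, 2, 10,
    0x04, 0x00, 0x00, 0xa1, 0x00, 0x08, 0, 0 };

/* Read a big-endian 32-bit field without assuming alignment. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Ingress decision for a raw IPv4 packet. ingress_is_loopback is non-zero when
 * the receiving interface is the loopback interface. Checksums are not verified. */
enum verdict ingress_check(const uint8_t *pkt, size_t len, int ingress_is_loopback)
{
    if (pkt == NULL || len < 20)
        return PKT_DROP_MALFORMED;          /* shorter than a minimal IPv4 header */
    if ((pkt[0] >> 4) != 4)
        return PKT_DROP_MALFORMED;          /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return PKT_DROP_MALFORMED;          /* header length field is inconsistent */

    /* Source address is at offset 12; 127.0.0.0/8 is valid only on loopback. */
    if ((read_be32(pkt + 12) >> 24) == 127 && !ingress_is_loopback)
        return PKT_DROP_LOOPBACK_SRC;
    return PKT_ACCEPT;
}

int main(void)
{
    printf("spoofed, external if: %d\n", ingress_check(SPOOFED, sizeof SPOOFED, 0));
    printf("spoofed, loopback if: %d\n", ingress_check(SPOOFED, sizeof SPOOFED, 1));
    printf("normal,  external if: %d\n", ingress_check(NORMAL, sizeof NORMAL, 0));
    return 0;
}
```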