-----BEGIN PGP SIGNED MESSAGE-----

===============================================================================
                        Security Advisory CERT-NL
===============================================================================
Author/Source : Teun Nijssen                          Index  : S-98-74
Distribution  : World                                 Page   : 1
Classification: External                              Version: 1
Subject       : Sun: Hidden community string in SNMP  Date   : 09-nov-98
===============================================================================

By courtesy of SUN Microsystems, Inc. we received information on a
vulnerability in various versions of Solstice Enterprise Agents.

CERT-NL recommends to upgrade Solstice Enterprise Agents to safe versions as
advised by Sun.

_____________________________________________________________________________

                   Sun Microsystems, Inc. Security Bulletin

Bulletin Number: #00178
Date:            November 9, 1998
Cross-Ref:       ISS Security Advisory: Hidden community string in SNMP
Title:           SNMP
_____________________________________________________________________________

1.  Background

    Solstice Enterprise Agents(tm) expands the scope of enterprise management
    by providing a comprehensive development and runtime environment enabling
    the creation of custom, extensible agents for device and system
    management for the Solaris(tm) operating environment. Solstice Enterprise
    Agents(SEA) supports both the Simple Network Management Protocol and DMI
    protocols.

    Simple Network Management Protocol(SNMP) was designed to allow the remote
    management of systems and devices on a network. SNMP relies on processes
    known as master agents and subagents. Upon invocation, agents read
    various configuration files and maintain Management Information
    Bases(MIBs). Access to information in the MIBs can be controlled by
    community strings.

    A default community string is present in the Sun SNMP subagent that may
    be exploited by remote attackers to modify system parameters or execute
    arbitrary commands with root privileges.

    SEA was initially available as an unbundled product and later bundled
    with Solaris 2.6 at version 1.0.1.

2.  Recommendations

    Sun recommends that sites running Solaris 2.6 and sites running SEA on
    Solaris 2.5.1 upgrade the SEA software to SEA 1.0.3. SEA 1.0.3 is bundled
    with Solaris 7. SEA 1.0.3 is available for Solaris 2.6, 2.6_x86, 2.5.1,
    and 2.5.1_x86 and may be downloaded from:

        http://www.sun.com/solstice/products/ent.agents/

    Sun also recommends that sites running SEA 1.0 on Solaris 2.4 and 2.5
    either disable SEA (see section 3) or upgrade the operating system to
    Solaris 7 if possible. Sites upgrading to Solaris 2.5.1 or 2.6 may obtain
    SEA 1.0.3 from the URL listed above.

3.  Workaround

    Sun recommends that you disable SEA on vulnerable systems until SEA 1.0.3
    is installed.

    To determine if your system is using SEA, use pkginfo on one of the
    following SEA packages: SUNWmibii, SUNWsacom, SUNWsadmi, SUNWsasnm.

    For example, on SEA 1.0 and 1.0.1, a pkginfo on SUNWmibii will display as
    follows:

        % pkginfo SUNWmibii
        system SUNWmibii Solstice Enterprise Agent SNMP daemon

    On SEA 1.0.2:

        % pkginfo SUNWmibii
        system SUNWmibii Solstice Enterprise Agents 1.0.2 SNMP daemon

    To disable SEA, perform the following steps:

        % su
        Password:
        # /etc/init.d/init.snmpdx stop
        # mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx

_____________________________________________________________________________

APPENDICES

A.  Patches listed in this bulletin are available to all Sun customers via
    World Wide Web at:

B.  Checksums for the patches listed in this bulletin are available via
    World Wide Web at:

C.  Sun security bulletins are available via World Wide Web at:

D.  Sun Security Coordination Team's PGP key is available via World Wide Web
    at:

E.  To report or inquire about a security problem with Sun software, contact
    one or more of the following:

        - Your local Sun answer centers
        - Your representative computer security response team, such as CERT
        - Sun Security Coordination Team.
          Send email to: security-alert@sun.com

F.  To receive information or subscribe to our CWS (Customer Warning System)
    mailing list, send email to:

        security-alert@sun.com

    with a subject line (not body) containing one of the following commands:

        Command         Information Returned/Action Taken
        _______         _________________________________

        help            An explanation of how to get information

        key             Sun Security Coordination Team's PGP key

        list            A list of current security topics

        query [topic]   The email is treated as an inquiry and is forwarded
                        to the Security Coordination Team

        report [topic]  The email is treated as a security report and is
                        forwarded to the Security Coordination Team. Please
                        encrypt sensitive mail using Sun Security
                        Coordination Team's PGP key

        send topic      A short status summary or bulletin. For example, to
                        retrieve a Security Bulletin #00138, supply the
                        following in the subject line (not body):

                                send #138

        subscribe       Sender is added to our mailing list. To subscribe,
                        supply the following in the subject line (not body):

                                subscribe cws your-email-address

                        Note that your-email-address should be substituted
                        by your email address.

        unsubscribe     Sender is removed from the CWS mailing list.

==============================================================================
CERT-NL thanks SUN Microsystems, Inc for bringing this information to our
attention.
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
        http://www.surfnet.nl/surfnet/security/cert-nl.html
        ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email:     cert-nl@surfnet.nl    ATTENDED REGULARLY ALL DAYS
Phone:     +31 302 305 305       BUSINESS HOURS ONLY
Fax:       +31 302 305 329       BUSINESS HOURS ONLY
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA UTRECHT
           The Netherlands

NOODGEVALLEN: 06 52 87 92 82     ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 52 87 92 82  ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0

iQCVAwUBNkg81FpSTqmIRWKVAQH41AQAusBpZzymXdl/fBdTnMuF1LMEUb7z5IW7
VoIEH7Jq1czaG7Y9SOoZDtVDLhniL/mzXJj+mcpby5IK3BQcLlwt38rYeHB2K7dk
lhrIbk/YF+lfw09dXcKpvIB02EzxNy/3LAhfxQsGFNVB/dJao5H3qaTOf0A8Jhgp
d4lnAf7aiFo=
=rUXR
-----END PGP SIGNATURE-----
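
The checks from section 3 of the Sun bulletin (which SEA release pkginfo reports, and whether the rc3.d start script has been renamed), written as a small audit script. This is an added example, not part of the signed advisory or Sun's own code; the function names and result labels are hypothetical, and only the two pkginfo output formats quoted in the bulletin are recognized.

```shell
#!/bin/sh
# Added example, not from the Sun bulletin; function names are hypothetical.

# Map one line of `pkginfo SUNWmibii` output to the SEA release it indicates,
# using only the two output formats shown in section 3.
sea_version_from_pkginfo() {
    case "$1" in
        *"Solstice Enterprise Agents 1.0.2 SNMP daemon"*) echo "1.0.2" ;;
        *"Solstice Enterprise Agent SNMP daemon"*)        echo "1.0-or-1.0.1" ;;
        *SUNWmibii*)                                      echo "unrecognized" ;;
        *)                                                echo "not-installed" ;;
    esac
}

# Report whether the rc3.d start script is active, renamed as in the
# workaround, or missing. $1 = rc directory (default /etc/rc3.d).
snmpdx_boot_state() {
    rcdir=${1:-/etc/rc3.d}
    if [ -e "$rcdir/S76snmpdx" ]; then
        echo "enabled"
    elif [ -e "$rcdir/DISABLED_S76snmpdx" ]; then
        echo "disabled"
    else
        echo "absent"
    fi
}

# Print a one-line summary for this host. An empty pkginfo result (package
# missing, or no pkginfo command on a non-Solaris host) reads as not-installed.
audit_sea() {
    line=$(pkginfo SUNWmibii 2>/dev/null || true)
    echo "sea=$(sea_version_from_pkginfo "$line") boot=$(snmpdx_boot_state "$1")"
}

# Constructed sample input: the two pkginfo lines quoted in section 3.
for sample in \
    "system SUNWmibii Solstice Enterprise Agent SNMP daemon" \
    "system SUNWmibii Solstice Enterprise Agents 1.0.2 SNMP daemon"
do
    echo "$sample => $(sea_version_from_pkginfo "$sample")"
done
```

On a host being checked, call audit_sea with no argument; a result of boot=enabled means the workaround has not been applied and SEA will start again at the next boot.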