[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: NAI-30: Windows NT SNMP Vulnerabilities
From:       David LeBlanc <dleblanc () MINDSPRING ! COM>
Date:       1998-11-19 2:07:56
[Download RAW message or body]

At 11:51 AM 11/18/98 -0800, Dave G. wrote:
>>

>There is another dangerous 'feature' with regards to SNMP community names
>under Windows NT 4.0 (SP3).  If SNMP is enabled, and there are no
>community names configured ( under  Settings -> Control Panel -> Network
>-> Services -> SNMP Service -> Security -> Accepted Community Names )
>any community name will be valid, and will (obviously) have read/write
>privileges.  I was unable to find anything that documented this behavior,
>and as you can imagine, I was quite suprised when I accidentally
>discovered this.

This is actually as per RFC 1157, and is documented on page 532 of the
Server Networking Guide from the NT Resource kit.  We check for that in the
ISS Scanner, too.  IIRC, so does CyberCop.  This behavior is true of just
about any implementation of SNMP which goes by the RFC.  I agree with Mike
Warfield's assertion that SNMP stands for Security Not My Problem.


David LeBlanc
dleblanc@mindspring.com

[prev in list] [next in list] [prev in thread] [next in thread]