exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ISS Security Advisory November 2nd, 1998

ISS Security Advisory November 2nd, 1998
Posted Nov 24, 1998

Internet Security Systems (ISS) X-Force has researched a hidden SNMP community string that exists in HP OpenView. This community may allow unauthorized access to certain SNMP variables. Attackers may use this hidden community to learn about network topology as well as modify MIB variables.

SHA-256 | c4509bb8bc0c9bb4b1232aee4c6d674e2cad3ead96cd10394a1c92336b597242

ISS Security Advisory November 2nd, 1998

Change Mirror Download

From xforce@ISS.NET Tue Nov 3 20:23:08 1998
From: X-Force <xforce@ISS.NET>
To: BUGTRAQ@netspace.org
Date: Mon, 2 Nov 1998 17:56:01 -0500
Subject: ISS Security Advisory: Hidden SNMP community in HP OpenView

-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Advisory
November 2nd, 1998

Hidden SNMP community in HP OpenView

Synopsis:

Internet Security Systems (ISS) X-Force has researched a hidden SNMP community
string that exists in HP OpenView. This community may allow unauthorized
access to certain SNMP variables. Attackers may use this hidden community to
learn about network topology as well as modify MIB variables.

Affected Versions:

ISS X-Force has confirmed that this vulnerability is present in HP OpenView
Version 5.02. Earlier versions are believed to be vulnerable. HP-UX 9.X and
HP-UX 10.X SNMP agents are vulnerable if OpenView is installed. OpenView for
Solaris 2.X is also vulnerable. OpenView for Windows NT is not vulnerable.

Fix Information:

HP has made the following patches available:

PHSS_16800: HP-UX Version 10.X
PHSS_16799: HP-UX Version 9.X
PHOV_02190: Solaris Version 2.X

Description:

All hosts in a managed network rely on the proper delivery and collection of
SNMP data. This vulnerability allows remote attackers access to portions of
the MIB tree used for configuration and maintenance of the SNMP agent.

Attackers may use this hidden community from remote to gain information
otherwise reserved for authorized users. Attackers can also use this community
to disrupt collection of data over SNMP as well as sever communication between
Collection Agents and Management stations.

Additional Information:

ISS Internet Scanner and ISS RealSecure real-time intrusion detection software
have the capability to detect these vulnerabilities.

- ----------

Copyright (c) 1998 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNj4p6DRfJiV99eG9AQHzUQQAiQuk5dH2ITvRrkUnDcbnFXpXL3cYrRr1
qI1njwegNburPEiKV14BPCRAVCcn2uWMpkd4E0ChsmMqwBspM3YoFdNqEuzhsqac
pB0CoUizcltd2kZFBbeo2BcIrqSWKAxT326pf9s4Q9Pv7h+1uUlsgNYrH0YSMA7b
l6bnK7VDfUI=
=H2mz
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close