Internet Security System (ISS) X-Force has discovered a serious vulnerability in Sun Microsystems(r) Solstice(tm) Enterprise Agent(tm) and the Solaris operating system. This SNMP hidden community string is hard coded into the binary and can not be configured nor is it in the configuration files. The hidden Sun SNMP community word is not the same as the hidden HP SNMP community string. This vulnerability allows attackers to execute arbitrary commands with root privileges, manipulate system parameters, and kill processes.
fa2c0d6650b5ab8ee495be17e45d85317a231a811378a40855a25a0d83a0aa61
From aleph1@DFW.NET Wed Nov 18 12:01:15 1998
From: Aleph One <aleph1@DFW.NET>
X-Sender: aleph1@dfw.nationwide.net
To: BUGTRAQ@netspace.org
Date: Tue, 17 Nov 1998 00:46:27 -0600
Subject: ISSalert: ISS Security Update
---------- Forwarded message ----------
Date: Mon, 16 Nov 1998 13:41:02 -0500 (EST)
From: X-Force <xforce@iss.net>
To: alert@iss.net
Cc: X-Force <xforce@iss.net>
Subject: ISSalert: ISS Security Update
-----BEGIN PGP SIGNED MESSAGE-----
ISS Security Update
November 16th, 1998
This update contains updated patch information for the ISS Security
Advisories "Hidden community string in SNMP implementation" and "BMC
PATROL File Creation Vulnerability" released on November 2, 1998.
_____
Hidden community string in SNMP implementation
Synopsis:
Internet Security System (ISS) X-Force has discovered a serious
vulnerability in Sun Microsystems(r) Solstice(tm) Enterprise Agent(tm)
and the Solaris operating system. This SNMP hidden community string is
hard coded into the binary and can not be configured nor is it in the
configuration files. The hidden Sun SNMP community word is not the same
as the hidden HP SNMP community string. This vulnerability allows
attackers to execute arbitrary commands with root privileges, manipulate
system parameters, and kill processes.
To determine if you are vulnerable:
Run pkginfo to determine the revision of SEA you are running on your
system. If you are running SEA 1.0 or 1.0.1 on Solaris 2.4 or 2.5,
disable the agents or upgrade your operating system. If you are running
2.5.1 or higher you may upgrade to SEA 1.0.3.
SEA 1.0 and 1.0.1 agents will display:
% pkginfo SUNWmibii
system SUNWmibii Solstice Enterprise Agent SNMP daemon
For SEA 1.0.2:
% pkginfo SUNWmibii
system SUNWmibii Solstice Enterprise Agents 1.0.2 SNMP daemon
Updated Fix Information:
The patch information initially provided in the November 2nd advisory was
incorrect. Sun Microsystems advises all its Solaris 2.6, 2.6_x86. 2.5.1,
and 2.5.1_x86 customers to upgrade to Solstice Enterprise Agents
version1.0.3. This version is available at
http://www.sun.com/solstice/products/ent.agents. Many system
administrators have no need for host-based SNMP agents. Administrators can
temporarily disable the SNMP daemons by executing the following commands
as root:
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
_____
BMC PATROL File Creation Vulnerability
Synopsis:
Internet Security Systems (ISS) X-Force has discovered a vulnerability in
BMC Software PATROL(r) network management software. PATROL contains a
vulnerability that may allow local attackers to compromise root access.
The agent creates insecure temporary files that may lead to a symbolic
link attack.
Updated Fix Information:
BMC has made a patch available for this vulnerability. BMC recommends
that its customers upgrade to PATROL Agent version 3.2.07, released
September 21, 1998.
How to download version 3.2.07 PATROL Agent for Unix patch from the web:
1. Go to http://www.bmc.com/
2. Choose Support.
3. Choose Log in to Support. The Enter Network Password windowappears.
4. Enter your User name and Password.
5. Click on "P." Then choose PatrolAgent for Unix.
6. In the "Latest Version: 3.2.07" section, click Product Fixes Available.
7. A list of target types appears. For the appropriate target type,click
the corresponding link to start downloading the file.
8. A File Download dialog requests what you would want to do with the file.
Choose to save the file to disk.
9. Specify where to save the file on your hard disk.
10. For instructions on how to install the patch, click the hypertext link
to PTRL327.readme.
Note: Depending on the browser, the name of the patch file might be
different from the name specified in the PTRL327.readme. For example,
using Netscape Navigator on Windows NT, the file name ends in "_tar" instead
of ".tar.Z".
_____
Copyright (c) 1998 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.
X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html
aswell as on MIT's PGP key server and PGP.com's key server.
X-Force Vulnerability and Threat Database: http://www.iss.net/xforce
Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBNlBiZTRfJiV99eG9AQF+IgQAu1uN+oVSlCiWWxwS14nv2/KkLZ6inukx
179R/OFDYUB2B14SmgE5x29M6+EHX2ap1e72bPJzYWLmk3LJi8N8f7gdQFsqTF3j
xuUTHrKrgIuyS+YNYEhXWSg76zf7T/kqrTyNbuUV0mSu4vlI+QuRDw3dJNWrumnQ
Q4cudw+veok=
=gJ5c
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed