Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Gary Parker on February 13, 2002, 12:14:20 PM

Title: SNMP Vulnerabilities...
Post by: Gary Parker on February 13, 2002, 12:14:20 PM

This ( http://www.cert.org/advisories/CA-2002-03.html ) seems to be causing quite a stir around the 'net at the moment ( http://www.theregister.co.uk/content/5/24040.html ).

With regards to e-smith, is the snmp daemon bound to the external adapter in gateway configurations and, if so, how does one go about 'fixing' it? Blocking the ports on the external adapter that SNMP uses would seem the easiest method....

If such action is needed, will a blade be available for the less tech-savvy users?

Gary

Title: Re: SNMP Vulnerabilities...
Post by: Damien Curtain on February 13, 2002, 12:38:05 PM

Gary Parker wrote:
>
> This ( http://www.cert.org/advisories/CA-2002-03.html ) seems
> to be causing quite a stir around the 'net at the moment (
> http://www.theregister.co.uk/content/5/24040.html ).
>
> With regards to e-smith, is the snmp daemon bound to the
> external adapter in gateway configurations and, if so, how
> does one go about 'fixing' it? Blocking the ports on the
> external adapter that SNMP uses would seem the easiest
> method....
>
> If such action is needed, will a blade be available for the
> less tech-savvy users?

snmpd is _not_ shipped with sme.

For anyone who actually has gone and installed ucd-snmpd themselves, as a 3rd party unsupported addition to their server, you can install the following:

E-smith 5.1.2
ftp://updates.redhat.com/7.1/en/os/i386/ucd-snmp-4.2.3-1.7.1.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/ucd-snmp-utils-4.2.3-1.7.1.3.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/ucd-snmp-devel-4.2.3-1.7.1.3.i386.rpm

I cant recall what the other versions were based on...

--
 Damien

Title: Re: SNMP Vulnerabilities...
Post by: Gary Parker on February 13, 2002, 01:03:03 PM

Cheers Damien....
    feel silly now, but secure all the same :)

I never actually tried snmp walking my e-smith box and just assumed it was there...

G.

Title: Re: SNMP Vulnerabilities...
Post by: Charlie Brady on February 15, 2002, 03:27:12 AM

Gary Parker wrote:

> I never actually tried snmp walking my e-smith box and just
> assumed it was there...

If it had have been there, it would not have been bound to the external interface, would have been configured to only respond to internal addresses and would have been protected by a packet filter as well.

http://www.e-smith.org/docs/papers/smeserver-security.html

Charlie