Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: HP/UX :: snmp12.htm

HP-UX 11.00 snmpdm logfile with root privs, 777 permissions



Vulnerability

    /usr/sbin/snmpdm

Affected

    HP-UX 11.00

Description

    Following is  based on  Hackerslab Advisory  (and tested  on HP-UX
    B.11.00 A).  Snmpdm  is Simple Network Management  Protocol (SNMP)
    Daemon.  When SNMP daemon is started, it creates a temporary  file
    and change the permission of setup-file.

    When the snmpd daemon  is started, it creates  /tmp/snmpd.log file
    with an  privilege of  root. Unfortunately  the file  contains 777
    permition.

        $ ls -al /tmp/snmpd.log
        -rwxrwxrwx   1 root       sys             23 Jun  4 01:23 /tmp/snmpd.log

    /etc/SnmpAgent.d/snmpd.conf file - the  setup file of SNMP  daemon
    is world writable.

        $ ls -al /etc/SnmpAgent.d/snmpd.conf
        -rw-rw-rw-   1 root       sys           6959 Jun  3 21:03  /etc/SnmpAgent.d/snmpd.conf

    You can create a  file using a simple  symbolic link, and you  can
    obtain the  root by  inserting trap  program.   The /tmp/snmpd.log
    file is created, even if the logfile is specified by -I option

        # /usr/sbin/snmpdm -l /etc/snmpd.log
        SNMP Research SNMP Agent Resident Module Version 14.0.1.0
        Copyright 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996 SNMP Research, Inc.
        # ls -al /etc/snmpd.log
        -rw-rw-rw-   1 root       sys             83 Jun  4 01:27 /etc/snmpd.log
        # ls -al /tmp/snmpd.log
        -rwxrwxrwx   1 root       sys             23 Jun  4 01:27 snmpd.log

Solution

    The  /etc/SnmpAgent.d/snmpd.conf  file  permission  problem can be
    solved  by  installing  PHSS_21046.   Older  versions  of  Emanate
    Master Agents (pre PHSS_17945) were temporarily moving  snmpd.conf
    to  /tmp  and  re-creating  /etc/SnmpAgent.d/snmpd.conf  using the
    current umask set for root.  The code has been changed to preserve
    the file access rights.

    The Master Agent log file(s)  are still created using the  current
    umask if the files are not present, else the previous  permissions
    are preserved.  The following steps should be performed:

        1) install PHSS_21046
        2) chmod 600 /etc/SnmpAgent.d
        3) chmod 600 /var/adm/snmpd.log


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH