CVE-1999-0186
CVSS10.0
发布时间 :1998-10-01 00:00:00
修订时间 :2008-09-09 08:33:55
NMCOS    

[原文]In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.


[CNNVD]Solaris SNMP默认共同体串后门访问漏洞(CNNVD-199810-002)

        
        Solstice Enterprise Agents (SEA)是运行于Sun Solaris系统上的管理程序,它支持SNMP和DMI协议。
        Sun SNMP子代理存在一个默认的共同体串,远程攻击者可以利用其来获取对系统的非法访问。
        Sun SNMP子代理允许远程攻击者使用一个默认的"all private"共同体串访问系统,修改系统参数或在主机上以root用户权限执行任意命令。SEA软件的1.0.1版本是与Solaris 2.6系统绑定发布的。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0186
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0186
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199810-002
(官方数据源) CNNVD

- 其它链接及资源

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm
(UNKNOWN)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm

- 漏洞信息

Solaris SNMP默认共同体串后门访问漏洞
危急 其他
1998-10-01 00:00:00 2005-10-20 00:00:00
远程  
        
        Solstice Enterprise Agents (SEA)是运行于Sun Solaris系统上的管理程序,它支持SNMP和DMI协议。
        Sun SNMP子代理存在一个默认的共同体串,远程攻击者可以利用其来获取对系统的非法访问。
        Sun SNMP子代理允许远程攻击者使用一个默认的"all private"共同体串访问系统,修改系统参数或在主机上以root用户权限执行任意命令。SEA软件的1.0.1版本是与Solaris 2.6系统绑定发布的。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 如果SEA软件不是必要的,停止此服务:
         % su
         Password:
         # /etc/init.d/init.snmpdx stop
         # mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
        厂商补丁:
        Sun
        ---
        Sun已经为此发布了一个安全公告(Sun-00178)以及相应补丁:
        Sun-00178:SNMP
        链接:
        http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/178&type=0&nav=sec.sba

        补丁下载:
        
        http://www.sun.com/solstice/products/ent.agents/

- 漏洞信息

11964
Solaris Solstice Enterprise Agents SNMP Hidden Community String
Remote / Network Access Authentication Management
Loss of Integrity
Exploit Unknown

- 漏洞描述

By default, Solaris SNMP has a hard-coded hidden community string. This hidden community string has read-write access to the "mibiisa" extensible agent. By accessing the "mibiisa" extensible agent, an attacker could execute arbitrary commands with root privileges on the system, resulting in a loss of integrity.

- 时间线

1998-11-19 Unknow
Unknow Unknow

- 解决方案

Upgrade to version Solstice Enterprise Agent 1.03 or higher and/or apply patch 106787-02 to Solaris 5.6, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable the SNMP daemons temporarily by executing the following commands: # /etc/init.d/init.snmpdx stop # mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Solaris SNMP Vulnerability
Access Validation Error 177
No No
1998-08-12 12:00:00 2009-07-11 12:16:00
ISS Security Update November 16th, 1998 Hidden community string in SNMP implementation

- 受影响的程序版本

Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1
Sun Solaris 2.6_x86
Sun Solaris 2.6
Sun Solaris 2.5_x86
Sun Solaris 2.4_x86
Sun Solaris 2.4

- 漏洞讨论

The Solstice Enterprise Agents (SEA) enables the creation of custom, extensible agents for device and system management for Solaris. SEA supports both the Simple Network Management Protocol (SNMP) and DMI protocols.

A default community string is present in the Sun SNMP subagent that may be remotely exploited by an unauthorized user to modify system parameters or execute arbitrary commands with root privileges.

SEA was initially available as an unbundled product and later bundled
with Solaris 2.6 at version 1.0.1.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

The following items are recommended to addresses this vulnerability:

Sites running Solaris 2.6 and SEA on Solaris 2.5.1 should upgrade the SEA software to SEA 1.03. SEA 1.0.3 is bundled with Solaris 7. SEA 1.0.3 is available for Solaris
2.6, 2.6_x86, 2.5.1, and 2.5.1_x86 and may be downloaded from:

http://www.sun.com/solstice/products/ent.agents/

Sites running SEA 1.0 on Solaris 2.4 and 2.5 should either disable SEAor upgrade the operating system to Solaris 7 if possible. Sites upgrading to Solaris 2.5.1 or 2.6 may
obtain SEA 1.0.3 from the URL listed above.


Sun Solaris 2.6

Sun Solaris 2.6_x86
  • Sun 106600-02

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站