ISS Security Advisory: Hidden SNMP community in HP OpenView

X-Force (xforce@ISS.NET)
Mon, 2 Nov 1998 17:56:01 -0500


-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Advisory
November 2nd, 1998

Hidden SNMP community in HP OpenView

Synopsis:

Internet Security Systems (ISS) X-Force has researched a hidden SNMP community
string that exists in HP OpenView.  This community may allow unauthorized
access to certain SNMP variables.  Attackers may use this hidden community to
learn about network topology as well as modify MIB variables.

Affected Versions:

ISS X-Force has confirmed that this vulnerability is present in HP OpenView
Version 5.02.  Earlier versions are believed to be vulnerable.  HP-UX 9.X and
HP-UX 10.X SNMP agents are vulnerable if OpenView is installed.  OpenView for
Solaris 2.X is also vulnerable.  OpenView for Windows NT is not vulnerable.

Fix Information:

HP has made the following patches available:

PHSS_16800:             HP-UX Version 10.X
PHSS_16799:             HP-UX Version 9.X
PHOV_02190:             Solaris Version 2.X

Description:

All hosts in a managed network rely on the proper delivery and collection of
SNMP data.  This vulnerability allows remote attackers access to portions of
the MIB tree used for configuration and maintenance of the SNMP agent.

Attackers may use this hidden community from remote to gain information
otherwise reserved for authorized users.  Attackers can also use this community
to disrupt collection of data over SNMP as well as sever communication between
Collection Agents and Management stations.

Additional Information:

ISS Internet Scanner and ISS RealSecure real-time intrusion detection software
have the capability to detect these vulnerabilities.

- ----------

Copyright (c) 1998 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this alert
electronically.  It is not to be edited in any way without express consent
of X-Force.  If you wish to reprint the whole or any part of this alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at
the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNj4p6DRfJiV99eG9AQHzUQQAiQuk5dH2ITvRrkUnDcbnFXpXL3cYrRr1
qI1njwegNburPEiKV14BPCRAVCcn2uWMpkd4E0ChsmMqwBspM3YoFdNqEuzhsqac
pB0CoUizcltd2kZFBbeo2BcIrqSWKAxT326pf9s4Q9Pv7h+1uUlsgNYrH0YSMA7b
l6bnK7VDfUI=
=H2mz
-----END PGP SIGNATURE-----