Fix the snmpd.config file name throughout the advisory.
Submitted by: Wout Decré <wout canodus.be> Submitted by: Andrei <az azsupport.com>
This commit is contained in:
parent
e274192952
commit
e462d7d801
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=48016
1 changed files with 19 additions and 19 deletions
|
@ -5,7 +5,7 @@ Hash: SHA512
|
|||
FreeBSD-SA-16:06.bsnmpd Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Insecure default bsnmpd.conf permissions
|
||||
Topic: Insecure default snmpd.config permissions
|
||||
|
||||
Category: contrib
|
||||
Module: bsnmpd
|
||||
|
@ -32,8 +32,8 @@ implements all other MIBs through loadable modules.
|
|||
II. Problem Description
|
||||
|
||||
The SNMP protocol supports an authentication model called USM, which relies
|
||||
on a shared secret. The default permission of the bsnmpd configuration file,
|
||||
/etc/bsnmpd.conf, is weak and does not provide adequate protection against
|
||||
on a shared secret. The default permission of the snmpd.configiguration file,
|
||||
/etc/snmpd.config, is weak and does not provide adequate protection against
|
||||
local unprivileged users.
|
||||
|
||||
III. Impact
|
||||
|
@ -49,7 +49,7 @@ authentication model are not vulnerable.
|
|||
V. Solution
|
||||
|
||||
This vulnerability can be fixed by modifying the permission on
|
||||
/etc/bsnmpd.conf to owner root:wheel and permission 0600.
|
||||
/etc/snmpd.config to owner root:wheel and permission 0600.
|
||||
|
||||
The patch is provided mainly for third party vendors who deploy FreeBSD
|
||||
and provide a safe default. The patch itself DOES NOT fix the permissions
|
||||
|
@ -60,7 +60,7 @@ The patch can be applied by performing one of the following:
|
|||
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date.
|
||||
|
||||
The system administrator should change the permission on /etc/bsnmpd.conf
|
||||
The system administrator should change the permission on /etc/snmpd.config
|
||||
to root:wheel and 0600.
|
||||
|
||||
2) To update your vulnerable system via a binary patch:
|
||||
|
@ -71,7 +71,7 @@ platforms can be updated via the freebsd-update(8) utility:
|
|||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
The system administrator should change the permission on /etc/bsnmpd.conf
|
||||
The system administrator should change the permission on /etc/snmpd.config
|
||||
to root:wheel and 0600.
|
||||
|
||||
3) To update your vulnerable system via a source code patch:
|
||||
|
@ -126,17 +126,17 @@ The latest revision of this advisory is available at
|
|||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:06.bsnmpd.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIcBAEBCgAGBQJWl2j4AAoJEO1n7NZdz2rnkaQP/3K9kqYY1YoHQ++uzFPnfuZQ
|
||||
mkGPJ0frGG46pTL806QJidky6D0LP0zNCzhtU45ZlFMguJ3B3QYp/62Cw61dBG22
|
||||
x0uEkvI2F2F39IPA/clspyUHg3Y1RYgTpJrxey0JLrK0yxelyI8vMwB4tCB2eEDW
|
||||
ZGVU6rvFQcWJOWHABXVYcc+4Yy5ucudp0QbJsVHAKLtF7MLuntVlUj+x4Nncog5k
|
||||
kmGt6W7tzFn2gNsWcmntmG/LWyPkPURWhYfIj3fgcRrpMTVIDFX5PTgQyJR7DwOM
|
||||
/beIoQxxKBUwTW1ZRgvcCqFBu7DKSCMABoHgpqLj1gdeiJ1LaO4dErtWXvdBEAAP
|
||||
+XLi5OkRG3OKzIAIRnkz/SrkAUoRkzHEK1dI0coyw7AdXXjDBWtX+n9lzRXs7hqT
|
||||
LC3riK/Km9OYVn3+T7tCWnvKN45f+FnD8zxZDE+33Jv9wI8X+CCs9GjJdoJ0HDSd
|
||||
b6rg8E4gGPzfwFxSNXZQKfDSSuVBECIp3av1gp6hN3qZNOX/sadMsxro8VVGFLPg
|
||||
81rC+JfKNTeVtxF8oJi9eg3FQ/eupxQv4RvC2c37R7LcErAU1KKxZyNrwv6xDEMx
|
||||
QVnx74o+luxXSirLxq276pfBQJdMjxYzWCj6E8ztcAZenz3M4WNiRFlt7hdq/3YO
|
||||
bDBdQPe4eYSHHSGyGcz/
|
||||
=LDPU
|
||||
iQIcBAEBCgAGBQJWl+LcAAoJEO1n7NZdz2rnZgcQANXfhZ5c/0sRlLmSGtvvCOvC
|
||||
Zw7OEFrFuEgDL4RmjsJznQ6CJ7CO/4rF6+oaDRpCaJCfo2r92mpk3N+q907L9yZD
|
||||
JR6dXajZugrq5cXnn3n5zMKiWQJnA5hQ9xz4dxRIsVwGcDKNmPDH37nmL7iv0E1n
|
||||
AkTLoUTXqwYZvUm+K3uDXA/i/ML8lQ7ERRdY2+4cufo2pGD6TfzNuxYMOzQldS29
|
||||
4ikv30TTdSMhKxjYS+qMkeFKvwr2UGwERO/eGhoBwqwXV0MAsKDgX4ahfgu7VQln
|
||||
Qs+2VaRk9PYPYS6DuOaUc+rCJ1SxmZ5/vK7ULt4zvxNT0r+sp0wvxYsDcQP2JDL5
|
||||
iY+O0gvDi4ob0Y+30YaLwoM7L7yW+Lzgv+QgT344T2iDOu3ZEZK/n4gEkD+HYNkJ
|
||||
/mU/frCbBbcil8AhyiBO/shjATPfRWSGJUpkYpDDnzR1fhojRJlrkl8WOprjHtYw
|
||||
OntSUQ1tXsYUJ0iNyhYDNlfI8abjOw/jAqeFBFjFa6FvA/pml+jyWGsscl7evrwQ
|
||||
uIzJo7yHwcqxa7pqSAdiPRVE3hnzeR0yZtOHBpOvR/veHdoXfYhn1QZCIy6hbuSy
|
||||
gN3vPm+vow5Ls46i0JVNzXRdGWiIVyfHt9axoQOef5zvbsLm9qgGECrTBHjbow2I
|
||||
fQ7dKyaCpR1ORJ0NLH61
|
||||
=hOZk
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
Loading…
Reference in a new issue