Fix the snmpd.config file name throughout the advisory.

Submitted by:	Wout Decré <wout canodus.be>
Submitted by:	Andrei <az azsupport.com>
This commit is contained in:
Gleb Smirnoff 2016-01-14 18:05:15 +00:00
parent e274192952
commit e462d7d801
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=48016

View file

@ -5,7 +5,7 @@ Hash: SHA512
FreeBSD-SA-16:06.bsnmpd Security Advisory
The FreeBSD Project
Topic: Insecure default bsnmpd.conf permissions
Topic: Insecure default snmpd.config permissions
Category: contrib
Module: bsnmpd
@ -32,8 +32,8 @@ implements all other MIBs through loadable modules.
II. Problem Description
The SNMP protocol supports an authentication model called USM, which relies
on a shared secret. The default permission of the bsnmpd configuration file,
/etc/bsnmpd.conf, is weak and does not provide adequate protection against
on a shared secret. The default permission of the snmpd.configiguration file,
/etc/snmpd.config, is weak and does not provide adequate protection against
local unprivileged users.
III. Impact
@ -49,7 +49,7 @@ authentication model are not vulnerable.
V. Solution
This vulnerability can be fixed by modifying the permission on
/etc/bsnmpd.conf to owner root:wheel and permission 0600.
/etc/snmpd.config to owner root:wheel and permission 0600.
The patch is provided mainly for third party vendors who deploy FreeBSD
and provide a safe default. The patch itself DOES NOT fix the permissions
@ -60,7 +60,7 @@ The patch can be applied by performing one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
The system administrator should change the permission on /etc/bsnmpd.conf
The system administrator should change the permission on /etc/snmpd.config
to root:wheel and 0600.
2) To update your vulnerable system via a binary patch:
@ -71,7 +71,7 @@ platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The system administrator should change the permission on /etc/bsnmpd.conf
The system administrator should change the permission on /etc/snmpd.config
to root:wheel and 0600.
3) To update your vulnerable system via a source code patch:
@ -126,17 +126,17 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:06.bsnmpd.asc>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJWl2j4AAoJEO1n7NZdz2rnkaQP/3K9kqYY1YoHQ++uzFPnfuZQ
mkGPJ0frGG46pTL806QJidky6D0LP0zNCzhtU45ZlFMguJ3B3QYp/62Cw61dBG22
x0uEkvI2F2F39IPA/clspyUHg3Y1RYgTpJrxey0JLrK0yxelyI8vMwB4tCB2eEDW
ZGVU6rvFQcWJOWHABXVYcc+4Yy5ucudp0QbJsVHAKLtF7MLuntVlUj+x4Nncog5k
kmGt6W7tzFn2gNsWcmntmG/LWyPkPURWhYfIj3fgcRrpMTVIDFX5PTgQyJR7DwOM
/beIoQxxKBUwTW1ZRgvcCqFBu7DKSCMABoHgpqLj1gdeiJ1LaO4dErtWXvdBEAAP
+XLi5OkRG3OKzIAIRnkz/SrkAUoRkzHEK1dI0coyw7AdXXjDBWtX+n9lzRXs7hqT
LC3riK/Km9OYVn3+T7tCWnvKN45f+FnD8zxZDE+33Jv9wI8X+CCs9GjJdoJ0HDSd
b6rg8E4gGPzfwFxSNXZQKfDSSuVBECIp3av1gp6hN3qZNOX/sadMsxro8VVGFLPg
81rC+JfKNTeVtxF8oJi9eg3FQ/eupxQv4RvC2c37R7LcErAU1KKxZyNrwv6xDEMx
QVnx74o+luxXSirLxq276pfBQJdMjxYzWCj6E8ztcAZenz3M4WNiRFlt7hdq/3YO
bDBdQPe4eYSHHSGyGcz/
=LDPU
iQIcBAEBCgAGBQJWl+LcAAoJEO1n7NZdz2rnZgcQANXfhZ5c/0sRlLmSGtvvCOvC
Zw7OEFrFuEgDL4RmjsJznQ6CJ7CO/4rF6+oaDRpCaJCfo2r92mpk3N+q907L9yZD
JR6dXajZugrq5cXnn3n5zMKiWQJnA5hQ9xz4dxRIsVwGcDKNmPDH37nmL7iv0E1n
AkTLoUTXqwYZvUm+K3uDXA/i/ML8lQ7ERRdY2+4cufo2pGD6TfzNuxYMOzQldS29
4ikv30TTdSMhKxjYS+qMkeFKvwr2UGwERO/eGhoBwqwXV0MAsKDgX4ahfgu7VQln
Qs+2VaRk9PYPYS6DuOaUc+rCJ1SxmZ5/vK7ULt4zvxNT0r+sp0wvxYsDcQP2JDL5
iY+O0gvDi4ob0Y+30YaLwoM7L7yW+Lzgv+QgT344T2iDOu3ZEZK/n4gEkD+HYNkJ
/mU/frCbBbcil8AhyiBO/shjATPfRWSGJUpkYpDDnzR1fhojRJlrkl8WOprjHtYw
OntSUQ1tXsYUJ0iNyhYDNlfI8abjOw/jAqeFBFjFa6FvA/pml+jyWGsscl7evrwQ
uIzJo7yHwcqxa7pqSAdiPRVE3hnzeR0yZtOHBpOvR/veHdoXfYhn1QZCIy6hbuSy
gN3vPm+vow5Ls46i0JVNzXRdGWiIVyfHt9axoQOef5zvbsLm9qgGECrTBHjbow2I
fQ7dKyaCpR1ORJ0NLH61
=hOZk
-----END PGP SIGNATURE-----