SCO OpenServer SNMPD Default Community Vulnerability

A vulnerability exists in the default configuration of the Simple Network Management Protocol (SNMP) daemon, as shipped with SCO's OpenServer 5.0.5 operating system. By default, the community name 'private' is set in the /etc/snmpd.comm file. An attacker can use the "write" capabilities of this community to alter routing tables, tear down connections, and a myriad of other attacks, many of which could result in the compromise of the machine.


 

Privacy Statement
Copyright 2010, SecurityFocus