Andrea Brancatelli
2016-Jan-14 11:40 UTC
Insecure default bsnmpd.conf permissions (CVE-2015-5677)
Hello everybody. I just read the above security advisory. In the solution it says: "This vulnerability can be fixed by modifying the permission on /etc/bsnmpd.conf to owner root:wheel and permission 0600." I guess it's a typo and the correct filename is /etc/snmpd.config, right? There's no /etc/bsnmpd.conf in the default config... Thanks. -- Andrea Brancatelli
On Jan 14 12:40, Andrea Brancatelli wrote:>Hello everybody. > >I just read the above security advisory. In the solution it says: > >"This vulnerability can be fixed by modifying the permission on >/etc/bsnmpd.conf to owner root:wheel and permission 0600." > >I guess it's a typo and the correct filename is /etc/snmpd.config, >right? There's no /etc/bsnmpd.conf in the default config... >I think you may be right. I don't use bsnmp so I just checked the permissions of the existing file which were 644 and then deleted it and ran mergemaster. mergemaster then reinstalled the missing file and the permissions are now 600. -- Matt