Date: Thu, 14 Jan 2016 18:05:15 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r48016 - head/share/security/advisories Message-ID: <201601141805.u0EI5FLC093375@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius (src committer) Date: Thu Jan 14 18:05:15 2016 New Revision: 48016 URL: https://svnweb.freebsd.org/changeset/doc/48016 Log: Fix the snmpd.config file name throughout the advisory. Submitted by: Wout Decré <wout canodus.be> Submitted by: Andrei <az azsupport.com> Modified: head/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc Modified: head/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc Thu Jan 14 17:50:53 2016 (r48015) +++ head/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc Thu Jan 14 18:05:15 2016 (r48016) @@ -5,7 +5,7 @@ Hash: SHA512 FreeBSD-SA-16:06.bsnmpd Security Advisory The FreeBSD Project -Topic: Insecure default bsnmpd.conf permissions +Topic: Insecure default snmpd.config permissions Category: contrib Module: bsnmpd @@ -32,8 +32,8 @@ implements all other MIBs through loadab II. Problem Description The SNMP protocol supports an authentication model called USM, which relies -on a shared secret. The default permission of the bsnmpd configuration file, -/etc/bsnmpd.conf, is weak and does not provide adequate protection against +on a shared secret. The default permission of the snmpd.configiguration file, +/etc/snmpd.config, is weak and does not provide adequate protection against local unprivileged users. III. Impact @@ -49,7 +49,7 @@ authentication model are not vulnerable. V. Solution This vulnerability can be fixed by modifying the permission on -/etc/bsnmpd.conf to owner root:wheel and permission 0600. +/etc/snmpd.config to owner root:wheel and permission 0600. The patch is provided mainly for third party vendors who deploy FreeBSD and provide a safe default. The patch itself DOES NOT fix the permissions @@ -60,7 +60,7 @@ The patch can be applied by performing o 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. -The system administrator should change the permission on /etc/bsnmpd.conf +The system administrator should change the permission on /etc/snmpd.config to root:wheel and 0600. 2) To update your vulnerable system via a binary patch: @@ -71,7 +71,7 @@ platforms can be updated via the freebsd # freebsd-update fetch # freebsd-update install -The system administrator should change the permission on /etc/bsnmpd.conf +The system administrator should change the permission on /etc/snmpd.config to root:wheel and 0600. 3) To update your vulnerable system via a source code patch: @@ -126,17 +126,17 @@ The latest revision of this advisory is <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:06.bsnmpd.asc>; -----BEGIN PGP SIGNATURE----- -iQIcBAEBCgAGBQJWl2j4AAoJEO1n7NZdz2rnkaQP/3K9kqYY1YoHQ++uzFPnfuZQ -mkGPJ0frGG46pTL806QJidky6D0LP0zNCzhtU45ZlFMguJ3B3QYp/62Cw61dBG22 -x0uEkvI2F2F39IPA/clspyUHg3Y1RYgTpJrxey0JLrK0yxelyI8vMwB4tCB2eEDW -ZGVU6rvFQcWJOWHABXVYcc+4Yy5ucudp0QbJsVHAKLtF7MLuntVlUj+x4Nncog5k -kmGt6W7tzFn2gNsWcmntmG/LWyPkPURWhYfIj3fgcRrpMTVIDFX5PTgQyJR7DwOM -/beIoQxxKBUwTW1ZRgvcCqFBu7DKSCMABoHgpqLj1gdeiJ1LaO4dErtWXvdBEAAP -+XLi5OkRG3OKzIAIRnkz/SrkAUoRkzHEK1dI0coyw7AdXXjDBWtX+n9lzRXs7hqT -LC3riK/Km9OYVn3+T7tCWnvKN45f+FnD8zxZDE+33Jv9wI8X+CCs9GjJdoJ0HDSd -b6rg8E4gGPzfwFxSNXZQKfDSSuVBECIp3av1gp6hN3qZNOX/sadMsxro8VVGFLPg -81rC+JfKNTeVtxF8oJi9eg3FQ/eupxQv4RvC2c37R7LcErAU1KKxZyNrwv6xDEMx -QVnx74o+luxXSirLxq276pfBQJdMjxYzWCj6E8ztcAZenz3M4WNiRFlt7hdq/3YO -bDBdQPe4eYSHHSGyGcz/ -=LDPU +iQIcBAEBCgAGBQJWl+LcAAoJEO1n7NZdz2rnZgcQANXfhZ5c/0sRlLmSGtvvCOvC +Zw7OEFrFuEgDL4RmjsJznQ6CJ7CO/4rF6+oaDRpCaJCfo2r92mpk3N+q907L9yZD +JR6dXajZugrq5cXnn3n5zMKiWQJnA5hQ9xz4dxRIsVwGcDKNmPDH37nmL7iv0E1n +AkTLoUTXqwYZvUm+K3uDXA/i/ML8lQ7ERRdY2+4cufo2pGD6TfzNuxYMOzQldS29 +4ikv30TTdSMhKxjYS+qMkeFKvwr2UGwERO/eGhoBwqwXV0MAsKDgX4ahfgu7VQln +Qs+2VaRk9PYPYS6DuOaUc+rCJ1SxmZ5/vK7ULt4zvxNT0r+sp0wvxYsDcQP2JDL5 +iY+O0gvDi4ob0Y+30YaLwoM7L7yW+Lzgv+QgT344T2iDOu3ZEZK/n4gEkD+HYNkJ +/mU/frCbBbcil8AhyiBO/shjATPfRWSGJUpkYpDDnzR1fhojRJlrkl8WOprjHtYw +OntSUQ1tXsYUJ0iNyhYDNlfI8abjOw/jAqeFBFjFa6FvA/pml+jyWGsscl7evrwQ +uIzJo7yHwcqxa7pqSAdiPRVE3hnzeR0yZtOHBpOvR/veHdoXfYhn1QZCIy6hbuSy +gN3vPm+vow5Ls46i0JVNzXRdGWiIVyfHt9axoQOef5zvbsLm9qgGECrTBHjbow2I +fQ7dKyaCpR1ORJ0NLH61 +=hOZk -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601141805.u0EI5FLC093375>