CVE-ID

CVE-1999-0186

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
19990607 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20071119)
Votes (Legacy)
ACCEPT(2) Baker, Dik
MODIFY(1) Frech
NOOP(1) Wall
REVIEWING(1) Christey
Comments (Legacy)
 Frech> Change XF:snmp-backdoor-access to XF:sol-hidden-commstr
   Add ISS:Hidden Community String in SNMP Implementation
 Christey> What is the proper level of abstraction to use here?  Should
   we have a separate entry for each different default community
   string?  See:
   http://cve.mitre.org/Board_Sponsors/archives/msg00242.html and
   http://cve.mitre.org/Board_Sponsors/archives/msg00250.html
   http://cve.mitre.org/Board_Sponsors/archives/msg00251.html
   
   Until the associated content decisions have been approved
   by the Editorial Board, this candidate cannot be accepted
   for inclusion in CVE.
 Christey> ADDREF BID:177
 Christey> ISS:19981102 Hidden community string in SNMP implementation
   http://xforce.iss.net/alerts/advise11.php
   
   Change description to include "hidden"
 Christey> XF:snmp-backdoor-access is missing.

Proposed (Legacy)
19990726
This is an entry on the CVE list, which standardizes names for security problems.