This is a multi-part message in MIME format.

--===============1607965307==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C8A18E.A9EA53C4"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8A18E.A9EA53C4
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Dear net-snmp-coders,

=20

I have a question on SNMP-COMMUNITY-MIB security that I need you
experts' advice.

=20

It seems there could be a security hole in snmpCommunityTable. What if a
user who only has access to read-only community name "public", used it
to walk through snmpCommunityName, which would also populate the
read-write community name "private". Then the read-only user gained the
read-write community access.

=20

How do I prevent this security hole in my implementation?

=20

I appreciate your inputs.=20

Thanks

Emi


------_=_NextPart_001_01C8A18E.A9EA53C4
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

=3D"urn:schemas-microsoft-comfficeffice" =
xmlns:w=3D"urn:schemas-microsoft-comffice:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">









style=3D'font-size:10.0pt;
font-family:Arial'>Dear net-snmp-coders,>>



style=3D'font-size:10.0pt;
font-family:Arial'>>



style=3D'font-size:
12.0pt'>I have a question on SNMP-COMMUNITY-MIB security that I need you =
experts’
advice.>>



style=3D'font-size:
12.0pt'>>



style=3D'font-size:
12.0pt'>It seems there could be a security hole in snmpCommunityTable. =
What if
a user who only has access to read-only community name =
“public”,
used it to walk through  snmpCommunityName, which would also =
populate the
read-write community name “private”. Then the read-only user =
gained
the read-write community access.>>



style=3D'font-size:
12.0pt'>>



style=3D'font-size:
12.0pt'>How do I prevent this security hole in my =
implementation?>>



style=3D'font-size:
12.0pt'>>



style=3D'font-size:
12.0pt'>I appreciate your inputs. >>



style=3D'font-size:
12.0pt'>Thanks>>



style=3D'font-size:10.0pt;
font-family:Arial'>Emi>>









------_=_NextPart_001_01C8A18E.A9EA53C4--


--===============1607965307==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
--===============1607965307==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/...et-snmp-coders

--===============1607965307==--