SNMPv1 Vulnerabilities of SystemWalker/CentricMGR September 20th, 2002

This bulletin provides security information about the reports to CERT/CC, the coordination center, or detected by Fujitsu's own examination by the published date.

Products developed by third parties may be included as subject products. Information about such third party products may be exactly the same as provided by the respective third party.

The contents of this bulletin are provided "AS IS" without warranties of any kind, either express or implied (including, without limitation, any implied warranty of merchantability, fitness for a particular purpose and non-infringement). In no event shall Fujitsu be liable for any direct, indirect, special, incidental, consequential, punitive, or any other damages of any kind, including, without limitation, loss of profits and loss of data incurred by a customer arising out of, or in connection with, the use or non-use of any information in this bulletin, even if Fujitsu has been advised of the possibility of such damages.

The information contained in this bulletin will be updated from time to time without notice. Therefore, all customers are advised to always ascertain the latest information. In case of redistribution of this security bulletin, the full text of this statement shall be reproduced.

---

---

1. Background

According to CERT Advisory CA-2002-03, multiple vulnerabilities in the SNMPv1 implementation have been reported in advance. In SystemWalker/CentricMGR, the following three problems are found with regard to this issue:

• There is a security problem with receiving SNMP traps and receiving SNMP trap requests. This problem may cause system administrator privileges to be gained by unauthorized users.
• Due to a security problem when receiving SNMP request messages in SystemWalker/CentricMGR, system administrator privileges may be gained by unauthorized users.
• When receiving SNMP request messages related to the extended MIB in SystemWalker/CentricMGR, access control by community name and manager definition cannot be performed. Due to this problem, extended MIB information (server performance information) could be disclosed to third parties.

2. Range of corresponding system(s)
The following describes the corresponding command/file, target products, and target OS. Also note that some files may not be contained depending on your server type.

3. Detected problem(s)

The following three problems have been found:

1. There is a security problem with receiving SNMP traps, which may cause system administrator privileges to be gained by unauthorized users.
   This problem is applicable to all products.
2. Due to a security problem with receiving SNMP request messages in SystemWalker/CentricMGR, system administrator privileges may be gained by unauthorized users.
   This problem is applicable to the following products:
   
   
   • SystemWalker/CentricMGR-M 5.2/ 10.0 Compatible OS: Solaris (See note)
   • SystemWalker/CentricMGR-A 5.2/ 10.0 Compatible OS: Solaris (See note)
   • SystemWalker/CentricMGR-A 5.2 Compatible OS: Linux
   Note: In Solaris, the problem is caused only if the environment settings for node name inheritance is set in a server using the SynfinityCluster node name inheritance function.
   Regarding the SNMP request receiving vulnerabilities, the security patches for each OS are also to be applied.
3. When receiving SNMP request messages to the extended MIB in SystemWalker/CentricMGR, the access control by community name and manager definition cannot be performed. Due to this problem, extended MIB information (server performance information) could be disclosed to third parties.
   This problem is applicable to the following products:
   
   
   • SystemWalker/CentricMGR-M 5.2/ 10.0 Compatible OS: Solaris (See note)
   • SystemWalker/CentricMGR-A 5.2/ 10.0 Compatible OS: Solaris (See note)
   • SystemWalker/CentricMGR-A 5.2 Compatible OS: Linux
   Note: In Solaris, the problem is caused only if the environment settings for node name inheritance is set in a server using the SynfinityCluster node name inheritance function.

4. Patch information

If a size is indicated on the Patch ID, there is a link from which you can download the patch. If there is no size indicted, it is either a Solaris package correction or a Windows update pack. In the second case, consult a Fujitsu system engineer or your partner(s) for the update.

[Contents of modification]
A modification was made for the security problem at receiving SNMP trap. For more details, refer to item 1 of "3. Detected problem(s)".

[Contents of modification]

1. A modification was made for the security problem with receiving SNMP request messages.
   For more details, refer to item b of "3. Detected problem(s)".
2. A modification was made to enable the access control at receiving SNMP request message for the MIB extended by SystemWalker/CentricMGR based on community name and manager definition.
   For more details, refer to item c of "3. Detected problem(s)".

For the Patches, please contact a Fujitsu system engineer.

5. Method to temporarily avoid the problem

It is recommended to use firewalls to run the management servers in a reliable network. In the firewall settings, block the UDP ports 161 and 162 used by SNMP.
In such an environment, only limited users in an intranet can use the vulnerabilities.
If you cannot perform this method immediately, the vulnerabilities can be avoided by the appropriate method below. However some SystemWalker/CentricMGR functions become unusable.

---

For the following target products:
MpWalker/DM for Windows NT V3.0L10/ V3.0L20

---

Target server: Operation Management Server, Section Management Server

Use following procedure to stop the services and set them to manual startup:
1) Stop "Fujitsu MpWalker MpCNappl" (Service name).
2) Stop "Fujitsu MpWalker MpWksttr" (Service name).
3) Set the above services to manual startup.

After performing the above steps, the following functions are unavailable.
- Host monitor
- MIB threshold value monitoring
- Traffic threshold value monitoring
- Internet server operating status monitoring
- All satellite functions (only in Section Management Servers)
- Event notification of SNMP traps generated by network devices
- Outputting events notified by linkage with other products

- SMM

- ARCserve

- Safegate

---

For the following target products:
SystemWalker/CentricMGR SE V4.0 for Windows NT V4.0L10/ V4.0L20
SystemWalker/CentricMGR EE V4.0 for Windows NT V4.0L10/ V4.0L20

---

Target server: Operation Management Server, Section Management Server

Use the following procedure to stop the services and set them to manual startup.
1) Stop "SystemWalker MpCNappl" (Service name).
2) Stop "SystemWalker MpWksttr" (Service name).
3) Set the above services to manual startup.

After performing the above steps, the following functions are unavailable:
- Host monitor
- MIB threshold value monitoring
- Traffic threshold value monitoring
- Firewall security monitoring (EE only)
- All satellite functions (only in Section Management Servers)
- Event notification of SNMP traps generated by network devices
- Outputting events notified by SystemWalker/NetPrism
- Outputting events notified by linkage with other products

- SMM

- ARCserve

- Safegate

---

For the following target products:
SystemWalker/CentricMGR-M SE V5.0 for Windows NT V5.0L20
SystemWalker/CentricMGR-A SE V5.0 for Windows NT V5.0L20
SystemWalker/CentricMGR-M EE V5.0 for Windows NT V5.0L20
SystemWalker/CentricMGR-A EE V5.0 for Windows NT V5.0L20

---

Target server: Operation Management Server, Section Management Server

Use the following procedure to stop the services and set them to manual startup.
1) Stop "SystemWalker MpNmsmgr" (Service name).
2) Stop "SystemWalker MpNsAgt" (Service name).
3) Stop "SystemWalker MpCNappl" (Service name).
4) Stop "SystemWalker MpWksttr" (Service name).
5) Set the above services to manual startup.

After performing the above steps, the following functions are unavailable:
- Host state change
- Host status display
- Node discovery
- MIB monitoring
- MIB extension
- Node status initialization
- Performance threshold value monitoring
- WWW server security monitoring (EE only)
- Firewall security monitoring (EE only)
- Internet server operating status monitoring
- WWW server usage status display
- Event notification of SNMP traps generated by network devices
- Outputting events notified by SystemWalker/NetPrism
- Outputting events notified by linkage with other products

- SMM

- ARCserve

- Safegate

---

For the following target products:
SystemWalker/CentricMGR-M SE V5.0 for Windows V5.0L30
SystemWalker/CentricMGR-A SE V5.0 for Windows V5.0L30
SystemWalker/CentricMGR-M EE V5.0 for Windows V5.0L30
SystemWalker/CentricMGR-A EE V5.0 for Windows V5.0L30
SystemWalker/CentricMGR-M SE V10.0 for Windows V10.0L10
SystemWalker/CentricMGR-A SE V10.0 for Windows V10.0L10
SystemWalker/CentricMGR-M EE V10.0 for Windows V10.0L10
SystemWalker/CentricMGR-A EE V10.0 for Windows V10.0L10

---

Target server: Operation Management Server, Section Management Server

Use the following procedure to stop the services and set them to manual startup.
1) Stop "SystemWalker MpNmsmgr" (Service name).
2) Stop "SystemWalker MpNsAgtFw" (Service name).
3) Stop "SystemWalker MpCNappl" (Service name).
4) Stop "SystemWalker MpWksttr" (Service name).
5) Set the above services to manual startup.

After performing the above steps, the following functions are unavailable:
- Host state change
- Host status display
- Node discovery
- MIB monitoring
- MIB extension
- Node status initialization
- Performance threshold value monitoring
- Firewall security monitoring (EE only)
- Event notification of SNMP traps generated by network devices
- Outputting events notified by linkage with other products

- ARCserve

- Safegate

---

For the following target products:
SystemWalker/CentricMGR-M 5.0/ 5.2/ 10.0
SystemWalker/CentricMGR-A 5.0/ 5.2/ 10.0

---

Target server: Operation Management Server, Section Management Server

1) To prevent the scentricmgr command starting the daemon, comment out the daemon startup commands of each function described in the control file.

Control file name (for SystemWalker/CentricMGR 5.x):
/etc/opt/FJSVftlc/daemon/custom/rc2.ini
Control file name (for SystemWalker/CentricMGR 10.0):
/etc/opt/FJSVftlc/daemon/custom/start_fw.ini

Editing method:
DAEMON??="/opt/systemwalker/bin/mpnm-trapd start"
to
#DAEMON??="/opt/systemwalker/bin/mpnm-trapd start"

DAEMON??="/opt/FJSVfwntc/startntc"
to
#DAEMON??="/opt/FJSVfwntc/startntc"

Remark: In the above methods, "??" indicates the number. The number may differ depending on the version number.

Note: If SystemWalker/CentricMGR was setup in a cluster in the Operation Management Server or Section Management Server, the daemon startup commands described in the above control file may be already commented out.
Additionally, if SystemWalker/CentricMGR was set up in a cluster in the Operation Management Server or Section Management Server, you must also comment out the daemon startup commands described in the following control in both the secondary node and the primary node.

Control file name (Operation Management Server):
/opt/FJSVftlc/cluster/daemon/oms/startproc.ini
Control file name (Section Management Server):
/opt/FJSVftlc/cluster/daemon/sms/startproc.ini

2) Stop SystemWalker/CentricMGR trap daemon and NTC function using the following commands:

# kill -HUP `cat /opt/FSUNNWsnmp/etc/trapd/nwsnmp-trapd.pid`
# /opt/FJSVfwntc/stopntc

3) Make sure that the following processes are not running:

nwsnmp-trapd
mprcvtrp.exe

After performing the above steps, the following functions are unavailable:
- Host state change
- MIB monitoring
- Performance threshold value monitoring
- Event notification of SNMP traps generated by network devices
- Outputting events notified by SystemWalker/NetPrism
- Outputting events notified by linkage with other products

- SMM [5.0/ 5.2/ 5.2.1]

- ARCserve

- Safegate

---

If the following target products are installed in the Solaris 2.5.1 machine:

SystemWalker/CentricMGR-M 5.0
SystemWalker/CentricMGR-A 5.0/ 5.2

---

Target server: Operation Management Server, Section Management Server, Job Server

1) In the following file, enter a hash mark (#) at the beginning of the startup line to prevent invocation when SystemWalker/CentricMGR is started:

/etc/opt/FJSVftlc/daemon/custom/rc3.ini
DAEMON??="/opt/FJSVspmex/etc/rc/swpmexa start"
to
#DAEMON??="/opt/FJSVspmex/etc/rc/swpmexa start"

Remark: In the above methods, “??” indicates the number. The number may differ depending on the version number.

2) Use the following command to stop SystemWalker/CentricMGR performance monitoring extension agent:

# sh /opt/FJSVspmex/etc/rc/K00swpmexa stop

3) Make sure that the following process is not running:

MpTrfExAf

After performing the above steps, the following functions are unavailable:
- The performance monitoring function cannot monitor the server performance information (page fault, CPU rate, disk busy rate) [5.0]
- The performance monitoring function cannot monitor the network/server performance (page fault, CPU rate, disk busy rate) [5.2/ 5.2.1]
- The performance monitoring function cannot monitor the server performance information [5.2/ 5.2.1]

---

If SynfinityCluster node name inheritance is performed in the following target products:

SystemWalker/CentricMGR-M 5.2/ 10.0
SystemWalker/CentricMGR-A 5.2/ 10.0

---

Target server: Operation Management Server, Section Management Server, Job Server

1) Complete the following setup.

# cd /opt/FJSVspmex/etc/rc
# ./setupsea.sh

2) In the following files, enter a hash mark (#) at the beginning of the startup line to prevent invocation when SystemWalker/CentricMGR is started:

Control file name (for CentricMGR 5.x):
/etc/opt/FJSVftlc/daemon/custom/rc3.ini
Control file name (for CentricMGR 10.0):
/etc/opt/FJSVftlc/daemon/custom/start_fw.ini

Editing method
DAEMON??="/opt/FJSVspmex/etc/rc/swpmexa start"
to
#DAEMON??="/opt/FJSVspmex/etc/rc/swpmexa start"

Remark: In the above methods, “??” indicates the number. The number may differ depending on the version number.

3) Use the following command to stop SystemWalker/CentricMGR performance monitoring extension agent:

# sh /opt/FJSVspmex/etc/rc/K00swpmexa stop

4) Rename the symbolic link of MpTrfExAgt.rsrc in the /etc/snmp/conf directory to prevent invocation by SNMP agent as follows:

# cd /etc/snmp/conf
# mv ./MpTrfExAgt.rsrc ./MpTrfExAgt.rsrc.bak

Remark: Keep in mind that the extension (.rsrc) must be changed.
It will be invoked if it is not changed. In the following example, it will be invoked:
Bad example: __MpTrfExAgt__.rsrc

5) To prevent being invoked by mistake by rc, rename the following file or move it to a different location.

/etc/rc3.d/K00swpmexa -> _K00swpmexa

Remark: Keep in mind that the script is still valid if you change its name but the initial letter "K" remains, as follows:
Bad example: K00__swpmexa__

6) Make sure that the following processes are not running:

MpTrfExAr
MpTrfExAs

After performing the above steps, the following functions are unavailable:
- The performance monitoring function cannot monitor the network/server performance (page fault, CPU rate, disk busy rate).
- The performance monitoring function cannot monitor the server performance information.

---

For the following target product:
SystemWalker/CentricMGR-A 5.2 Compatible OS: Linux

---

Target server: Job server

1) Execute the following scripts.
# cd /opt/FJSVspmex/etc/rc
# ./setupRelay.sh -u

By executing the above scripts, SNMP is restored to the state before the extension agent was installed.

2) In the following file, enter a hash mark (#) at the beginning of the startup line to prevent invocation when SystemWalker/CentricMGR is started:

/etc/opt/FJSVftlc/daemon/custom/rc3.ini

Editing method
DAEMON??="/opt/FJSVspmex/etc/rc/swpmexa start"
to
#DAEMON??="/opt/FJSVspmex/etc/rc/swpmexa start"

Remark: In the above methods, “??” indicates the number. The number may differ depending on the version number.

3) Make sure that the following process is not running:

MpTrfExAgt

After performing the above steps, the following functions are unavailable:
- The performance monitoring function cannot monitor the network/server performance (page fault, CPU rate, disk busy rate).
- The performance monitoring function cannot monitor the server performance information.

---

If SNMP extension agent development kit (package name: FSUNsnmpd) is installed in the machine where Solaris is running.

Note: SNMP extension agent development kit is a separate product from SystemWalker.

---

Target server: Servers in which SNMP extension agent development kit (package name FSUNsnmpd) is installed.

1) In the following file, enter a hash mark (#) at the beginning of the startup line to prevent SNMP agent from starting up:

/etc/rc2.d/S958snmpd
/usr/sbin/snmpd&
to
#/usr/sbin/snmpd&

2) Stop SNMP agent using the following command:

# sh /etc/init.d/snmpd stop

3) Make sure that the following process is not running:

snmpd

After performing the above steps, the following functions are unavailable:
- All SNMP agent functions (MIB information reference/setting)

6. Revision history

• September 20th, 2002: 6th edition
  
  • Changed "Stop method of SystemWalker/CentricMGR trap daemon"
    
    • <Before correction>
      
      • # sh /opt/systemwalker/bin/mpnm-trapd stop
    • <After correction>
      
      • # kill -HUP `cat /opt/FSUNNWsnmp/etc/trapd/nwsnmp-trapd.pid`
  • Changed "Process name of SystemWalker/CentricMGR trap daemon"
    
    • <Before correction>
      
      • mpnm-trapd
    • <After correction>
      
      • nwsnmp-trapd
  • Changed "4. Patch information"
  • The reason for revision: Modified the previous Patch IDs because the aggregated patch (for Solaris) and update pack (for Windows) has been released. Also updated the "Stop method of SystemWalker/CentricMGR trap daemon".