Bug 110931
Summary: | snmpd opens port 199 (smux) even if smuxpeer isn't present | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Bastien Nocera <bnocera> |
Component: | net-snmp | Assignee: | Radek Vokál <rvokal> |
Status: | CLOSED NOTABUG | Version: | 3.0 |
Severity: | medium | Priority: | medium |
Hardware: | All | OS: | Linux |
CC: | jan.iven, pere_camps, rvokal | Doc Type: | Bug Fix |
Last Closed: | 2004-08-17 08:09:24 UTC | | |
Description
Bastien Nocera
2003-11-25 16:41:39 UTC
Smux is automatically initiated by snmpd

http://www.networksorcery.com/enp/rfc/rfc1227.txt

As per RFC1227: [..] This mechanism would be local to the host.

We open a TCP port bound to default address, i.e. visible on the network in general.

In addition, SMUX appears to have been deprecated in favour of agentX, RFC2741/2, and apparently would only be useful for some legacy applications. The code is old, and opening SMUX even if not configured is exposing the host to unnecessary risk (even if access control is supposed to happen on such connections). Binding to localhost only would also enhance the host security.

A patch exists at http://lists.quagga.net/pipermail/quagga-dev/2004-October/001617.html that promises to turn off SMUX unless (one or more) smuxpeers have explicitly been configured. "How to turn off SMUX" is actually a FAQ for net-snmp, see http://www.net-snmp.org/docs/FAQ.html#How_can_I_turn_off_SMUX_support_ (the workaround there is probably nothing one would like on a production system). Please re-open.
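
A check for the condition this report describes, as an added example that is not part of the bug report or of net-snmp: it looks in `/proc/net/tcp` text for a LISTEN socket on port 199 and in `snmpd.conf` text for `smuxpeer` lines. The function names and sample inputs are constructed; it covers IPv4 only and assumes a little-endian host when decoding addresses.

```python
import ipaddress
import struct

SMUX_PORT = 199    # TCP port named in the bug summary
TCP_LISTEN = "0A"  # LISTEN state code in /proc/net/tcp

# Constructed sample inputs, not taken from the bug report.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:00C7 00000000:0000 0A
   1: 0100007F:0019 00000000:0000 0A
   2: 0A00000A:00C7 0B00000A:D431 01
"""
SAMPLE_SNMPD_CONF = """\
syslocation lab
# smuxpeer .1.3.6.1.4.1.99999.1 example-password
"""

def smux_listeners(proc_net_tcp):
    """IPv4 addresses that have a LISTEN socket on the SMUX port."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) == SMUX_PORT:
            # Assumption: little-endian host, so the hex address is byte-swapped.
            found.append(ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16))))
    return found

def smux_peers(snmpd_conf):
    """Arguments of each uncommented smuxpeer directive in snmpd.conf text."""
    peers = []
    for raw in snmpd_conf.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens and tokens[0].lower() == "smuxpeer":
            peers.append(" ".join(tokens[1:]))
    return peers

def audit(proc_net_tcp, snmpd_conf):
    """Return (verdict, network-visible listener addresses)."""
    listeners = smux_listeners(proc_net_tcp)
    exposed = [str(a) for a in listeners if not a.is_loopback]
    if not listeners:
        return "no-listener", exposed
    if not exposed:
        return "loopback-only", exposed
    return ("exposed-in-use" if smux_peers(snmpd_conf) else "exposed-unused"), exposed

if __name__ == "__main__":
    print(audit(SAMPLE_PROC_NET_TCP, SAMPLE_SNMPD_CONF))
```

On a live host, pass the contents of `/proc/net/tcp` and the active `snmpd.conf`; an `exposed-unused` verdict is the case the report asks to have closed off.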