Bug 110931 - snmpd opens port 199 (smux) even if smuxpeer isn't present
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: net-snmp
Version: 3.0
Hardware/OS: All Linux
Priority: medium
Severity: medium
Assigned To: Radek Vokal
Reported: 2003-11-25 11:41 EST by Bastien Nocera
Modified: 2007-11-30 17:06 EST
Doc Type: Bug Fix
Last Closed: 2004-08-17 04:09:24 EDT
Description Bastien Nocera 2003-11-25 11:41:39 EST
-(~)-> sudo rpm -Uvh /tmp/net-snmp-5.0.8-11.i386.rpm /tmp/beecrypt-3.0.1-0.20030630.i386.rpm
Preparing...                ########################################### [100%]
   1:beecrypt               ########################################### [ 50%]
   2:net-snmp               ########################################### [100%]
-(~)-> chkconfig --list | grep snmp
snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
-(~)-> sudo service snmpd start
Starting snmpd:                                            [  OK  ]
-(~)-> netstat -a | grep smux
tcp        0      0 *:smux                  *:*                     LISTEN
-(~)-> grep smux /etc/snmp/snmpd.conf
-(~)->
Comment 1 Radek Vokal 2004-08-17 04:09:24 EDT
Smux is automatically initiated by snmpd

http://www.networksorcery.com/enp/rfc/rfc1227.txt
Comment 2 Jan Iven 2005-12-06 06:38:41 EST
As per RFC1227:
  [..] This mechanism would be local to the host.

We open a TCP port bound to default address, i.e. visible on the network in general.
In addition, SMUX appears to have been deprecated in favour of agentX,
RFC2741/2, and apparently would only be useful for some legacy applications. The
code is old, and opening SMUX even if not configured is exposing the host to
unnecessary risk (even if access control is supposed to happen on such
connections). Binding to localhost only would also enhance the host security.

A patch exists at
http://lists.quagga.net/pipermail/quagga-dev/2004-October/001617.html
that promises to turn off SMUX unless (one or more) smuxpeers have explicitly
been configured.

"How to turn off SMUX" is actually a FAQ for net-snmp, see
http://www.net-snmp.org/docs/FAQ.html#How_can_I_turn_off_SMUX_support_ (the
workaround there is probably nothing one would like on a production system).

Please re-open.

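
The condition discussed in this bug (a SMUX listener on TCP port 199 that is reachable from the network although no smuxpeer is configured) can be checked from saved command output. The script below is an added example, not part of the original report or of net-snmp; the function names, the verdict words and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Live use (assumed paths):
#   smux_audit "$(netstat -tln)" "$(cat /etc/snmp/snmpd.conf)"

# Print the local address of each TCP listener on port 199 ("smux").
# $1: text output of `netstat -tl` or `netstat -tln`.
smux_listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/^.*:/, "", port)      # keep text after the last colon
            sub(/:[^:]*$/, "", addr)   # keep text before the last colon
            if (port == "199" || port == "smux") print addr
        }'
}

# Succeed if the snmpd.conf text in $1 has an uncommented smuxpeer line.
smux_peers_configured() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*smuxpeer[[:space:]]'
}

# $1: netstat text, $2: snmpd.conf text. Prints one verdict word.
smux_audit() {
    listeners=$(smux_listeners "$1")
    [ -n "$listeners" ] || { echo not-listening; return 0; }
    exposed=no
    while IFS= read -r a; do           # read loop: "*" must not be globbed
        case "$a" in
            127.*|::1|localhost*) ;;   # loopback only
            *) exposed=yes ;;          # wildcard or routable address
        esac
    done <<EOF
$listeners
EOF
    if [ "$exposed" = no ]; then echo loopback-only
    elif smux_peers_configured "$2"; then echo exposed-in-use
    else echo exposed-unused           # the condition this bug describes
    fi
}

# Constructed sample input mirroring the report.
sample_netstat='tcp        0      0 *:smux        *:*        LISTEN'
sample_conf='# constructed snmpd.conf without any smuxpeer line
rocommunity example_ro 127.0.0.1'
smux_audit "$sample_netstat" "$sample_conf"
```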