Bug 116742

Summary: TCP Port 199 is exposed when SNMP agent is running
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Michael Slifcak <slif>
Component: Network Assignee: Marcus Rückert <mrueckert>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: meissner
Version: unspecified   
Target Milestone: ---   
Hardware: i686   
OS: SLES 9   
Whiteboard:
Found By: Third Party Developer/Partner Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Michael Slifcak 2005-09-13 12:02:07 UTC
Problem:  TCP Port 199 is exposed when SNMP agent is running
Impact:  Low
Risk:    Low. There are no vulnerability advisories for SMUX port 199.

Package Name:  net-snmp-5.1-80.11  [SLES9 Service Pack 1 and Service Pack 2]
Package Name:  net-snmp-5.1-80.16  [SLES9 Service Pack 2]
Not Tested  :  net-snmp-5.1-80.3   [SLES9 base]

Description:
The net-snmp software is built by default to support a deprecated
agent protocol known as SMUX.  When the SMUX module is activated,
the net-snmp agent "snmpd" binds to TCP port 199.  This can be
seen using the command below :

# netstat -pan | egrep "199|161"
tcp  0  0  0.0.0.0:199  0.0.0.0:*   LISTEN   24604/snmpd
udp  0  0  0.0.0.0:161  0.0.0.0:*            24604/snmpd


The net-snmp agent can be invoked such that modules like SMUX
are not activated.  From the command line:

    /usr/sbin/snmpd ....  -I -smux

The problem:  on SuSE Linux Enterprise Server 9,
both Service Pack 1 and Service Pack 2, specifying '-I -smux'
when invoking the net-snmp agent "snmpd" does NOT prevent
the SMUX module from activating.


Test-By [CAUTION: You must use a privileged user session, e.g., root]:

   1. Check the status of snmpd. If it is running, stop the snmpd.
        # /etc/init.d/snmpd status
        # /etc/init.d/snmpd stop

   2. Edit /etc/init.d/snmpd.  Change the 'startproc' line
      by appending '-I -smux' to the end of the line. It should
      look something like this when you are finished editing:

      startproc $SNMPD -c $SNMPDCONF -r -A -Lf /var/log/net-snmpd.log -p /var/run/snmpd.pid $agentargs -I -smux

   3. Start the snmpd
        # /etc/init.d/snmpd start

   4. Verify no program binds to port 199 (smux):
        # netstat -pan | egrep "199|161"

Submitter:  Mike Slifcak, Net-SNMP admin/developer
Contact:  Mike Slifcak
  Trusted Network Technologies, Inc.
  3600 Mansell Road, Suite 200
  Alpharetta, Georgia 30022
  +1.678.990.5430
  mslifcak@trustednetworktech.com
Comment 1 Dr. Werner Fink 2005-09-13 12:35:07 UTC
Does this happen with SuSE Linux 10.0?
Comment 2 Dr. Werner Fink 2005-09-13 12:37:17 UTC
Please provide the version of the used SuSE Linux 10.0 ...
which Beta, which RC?
Comment 3 Marcus Meissner 2005-09-13 12:56:43 UTC
I have the suspicion this is a SLES 9 bug report.

Is this correct?
Comment 4 Michael Slifcak 2005-09-13 13:44:08 UTC
I don't have SuSE Linux 10.0 to test.
The Bugzilla interface via http://bugzilla.novell.com has no product listing SLES9,
but I did set the OS field to SLES9 choice when submitting the report.
The description clearly states which SLES9 components were tested.
Comment 5 Marcus Rückert 2005-11-07 17:03:22 UTC
What do you think about adding a sysconfig option to dis-/enable smux?
Comment 6 Michael Slifcak 2005-11-07 17:42:42 UTC
Excellent suggestion!
Comment 7 Marcus Rückert 2005-11-07 18:05:38 UTC
[[[
$ tail -n 12 *sysconfig
## Path:        System/Net-SNMP
## Description: En-/Disables SNMP SMUX support.
## Type:        yesno
## Default:     yes
#
# If this setting is set to "no" the snmpd will no longer bind
# the TCP Port 199.
#
# The default is set to "yes" to provide backward compatibility.
#
SNMPD_USE_SMUX="yes"
]]]

Submitted to SP3
Comment 8 Marcus Rückert 2006-03-17 19:12:40 UTC
Applied the same fix for 10.1/SLES10
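
An added example, not part of the original report or of the SUSE package: a shell sketch of how an init script could honor the SNMPD_USE_SMUX setting from comment 7, plus a stricter form of the netstat check from the description that matches port 199 only in the local-address column (the egrep "199|161" pattern also matches PIDs and ports that merely contain those digits). The function names and the mapping of "no" to '-I -smux' are assumptions; the first sample is the output quoted in the report, the second is constructed.

```shell
#!/bin/sh
# Added example: not the SUSE init script. Function names are hypothetical.

# Map the sysconfig value from comment 7 to extra snmpd arguments.
# Assumption: "no" is translated to the '-I -smux' option from the report.
smux_agent_args() {
    case "${1:-yes}" in
        no|No|NO) printf '%s\n' "-I -smux" ;;
        *)        : ;;   # default "yes": SMUX stays enabled, no extra args
    esac
}

# Read 'netstat -pan' style output on stdin. Exit 0 if a TCP socket is in
# LISTEN state on the given port, 1 otherwise. Only the port at the end of
# the local-address column ($4) is compared, so IPv6 addresses work and
# PIDs or other ports that contain the same digits do not match.
tcp_port_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Sample 1: the netstat output quoted in the report (SMUX active).
SAMPLE_SMUX_ON='tcp  0  0  0.0.0.0:199  0.0.0.0:*   LISTEN   24604/snmpd
udp  0  0  0.0.0.0:161  0.0.0.0:*            24604/snmpd'

# Sample 2: constructed. Port 1990 and PID 1199 both contain "199" and
# would pass the egrep filter, but nothing listens on TCP 199.
SAMPLE_SMUX_OFF='tcp  0  0  0.0.0.0:1990  0.0.0.0:*   LISTEN   1199/otherd
udp  0  0  0.0.0.0:161  0.0.0.0:*            24604/snmpd'

# Classify a block of netstat output as "exposed" or "closed".
check_sample() {
    if printf '%s\n' "$1" | tcp_port_listening 199; then
        echo exposed
    else
        echo closed
    fi
}

check_sample "$SAMPLE_SMUX_ON"
check_sample "$SAMPLE_SMUX_OFF"
```

On a live host the same check is `netstat -pan | tcp_port_listening 199`, run after restarting snmpd with the new setting.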