FYI,
This change in ovactiond was done in response to a major CSIRT on
SNMP-V1 in 2002.
CA-2002-03 - VU#107186 - Multiple vulnerabilities in SNMPv1 trap
handling.
Because of the user context of ovactiond, commands embedded into SNMP trap
variables could be executed as root.
The fix was to disable default processing of command-type characters
through substitution when passed to ovactiond.
Hence the whole special characters stuff, which should still be used
only with care and understanding the risks.
Jon Austin
Tivoli/Unix Administrator
Information Systems
Children's Hospital of Philadelphia
>>> VPretorius@fnb.co.za 10/4/2005 2:29 AM >>>
Hi all
I did not know about what ovactiond did with special characters;
however, Philippe M put me right. He said:
ovactiond is changing your strings. For security reasons, IBM / Tivoli
have decided that automatic actions should not contain special
characters such as ; : [ ( etc and be replaced by _ characters, unless
explicitly configured.
If you really need parameter strings containing say ( and ) characters,
you must add the following to /usr/OV/bin/netnmrc.pre
My problem has now been resolved. Thanks everyone
Thanks
Vynita Pretorius
+27 11 889-4231
+27 82 856 0321
Hogan Technology
First National Bank
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
On Behalf Of James Shanks
Sent: Friday, September 30, 2005 4:51 PM
To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] automatic action is acting strangely
Not sure I follow all this, but automatic action scripts are run by
ovactiond and he has a log you could look at. If you put tracing in your
script (set -x) it will echo to ovactiond.log.
You do know about AdditionalLegalTrapCharacters, right? Because of past
CERT advisories, ovactiond and actionsvr will replace every special
character not listed in the AdditionalLegalTrapCharacters environment
variable with underscores. This had been true since version 6.0.3.
You can set AdditionalLegalTrapCharacters in netnmrc.pre or NVenvironment,
and restart all the daemons, including nvsecd.
HTH
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
From: "Pretorius, Vynita" <VPretorius@fnb.co.za>
Sent by: owner-nv-l@lists.us.ibm.com
Date: 09/30/2005 09:14 AM
To: <nv-l@lists.us.ibm.com>
cc:
Subject: [nv-l] automatic action is acting strangely
Please respond to nv-l
Hi All
I am using netview for Unix 7.1.4 fp03 on solaris 2.9
With xnmtrap I have configured command for automatic action as follows
sh -x /home/test/remfin "$A $5 C $2 $3" >> test.out
What I wanted to do was remove all brackets and quotes in the string and
replace them with nothing or blank.
It is executing remfin because I tail test.out
remfin looks like this
#!/bin/ksh
Str1=$1
echo $Str1 ......
change string and then I do another snmptrap ( and here I see the _23.5_ etc
in the trapd.log )
In test.out the string that is being given to me has already been modified
by something removing the brackets and quotes with a _ but not by remfin.
I have removed all sed statements in remfin.
What is changing my string??
If I remove remfin via xnmtrap then nothing happens, which implies that it
is being triggered by the correct oid
Please help I am going nuts.
Thanks
Vynita
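
The substitution described in this thread, as an added example that is not part of the original messages and is not IBM/Tivoli code: a small shell emulation of "replace every character not explicitly legal with an underscore". The function name sanitize_trap_var and the built-in legal set (letters, digits, space, '.', '_') are assumptions made for the illustration; the second argument plays the role of AdditionalLegalTrapCharacters.

```shell
#!/bin/sh
# Added illustration, not IBM/Tivoli code. Emulates the behaviour the thread
# describes: every character of a trap variable that is not "legal" becomes "_".
# ASSUMPTION: the built-in legal set here (letters, digits, space, '.', '_')
# is chosen for the demo; the thread does not list the product's real set.
LC_ALL=C; export LC_ALL

# sanitize_trap_var VALUE [EXTRA_LEGAL_CHARS]
# EXTRA_LEGAL_CHARS stands in for AdditionalLegalTrapCharacters.
sanitize_trap_var() {
    value=$1
    extra=${2-}
    out=
    while [ -n "$value" ]; do
        rest=${value#?}            # everything after the first character
        ch=${value%"$rest"}        # the first character itself
        case "$ch" in
            [A-Za-z0-9._]|" ") out=$out$ch ;;
            *)
                case "$extra" in
                    *"$ch"*) out=$out$ch ;;   # explicitly allowed
                    *)       out=${out}_ ;;   # neutralised
                esac ;;
        esac
        value=$rest
    done
    printf '%s\n' "$out"
}

# Constructed sample values (not taken from a real trap).
sanitize_trap_var '(23.5)'                  # -> _23.5_
sanitize_trap_var '(23.5)' '()'             # -> (23.5)
sanitize_trap_var 'eth0 down; echo `id`'    # -> eth0 down_ echo _id_
```

Any character added to the allowed set reaches the action script verbatim, so a script such as remfin should quote its arguments ("$1") wherever it uses them.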