Sun Datacenter InfiniBand Switch 36
 
Sun Network QDR InfiniBand Gateway Switch
 

PLA-Support>Sun Systems>SAND>Network>SN-SND: Sun Network Infiniband
 

In this Document

Symptoms

Changes

Cause

Solution

Option 1 - disable SNMP

Option 2 - change the community string

Option 3 - use SNMPv3

Applies to:

Symptoms

A security scanner flags
CVE-1999-0517 An SNMP community name is the default (e.g. public), null, or missing.
for the Infiniband Switch management IP address.

Changes

No changes were done to Simple Network Management Protocol (SNMP) configuration.

Cause

This CVE is a configuration proposal, it is flagged when a SNMP community name is the default (e.g. the string "public").

If this is an intended configuration, this can be probably kept.

What you can configure depends on your environment.

Solution

Option 1 - disable SNMP

If you do not use SNMP on the infiniband switch and Exadata, you can potentially disable it.
See Sun Datacenter InfiniBand Switch 36 Topic Set - Managing SNMP Services (CLI)

Access the Oracle ILOM CLI ( See Accessing Oracle ILOM From the CLI).

Option 2 - change the community string

If you use SNMP, you can change the community strings.

This is done on all systems and related management software (e.g. Enterprise Manager).

On the IB switch, in general, a new snmp community name can be configured on the ILOM of the IB switches.
It's described in
Sun Datacenter InfiniBand Switch 36 Topic Set - Managing SNMP Services (CLI)

For example, to add the community newcom:

The SNMP community newcom is added.

Then you can disable the unwanted community :

- delete community private:

Option 3 - use SNMPv3

If your environment supports it, you can also use just SNMPv3,
see Sun Datacenter InfiniBand Switch 36 Topic Set - Configure the SNMP Service (CLI)

This solution has no attachment