OK, I've been reading about SNMP misconfiguration security issues and it seems like hackers can actually own a router if they discover its SNMP RW community string via tools like snmpblow and snmpwalk: http://securityreliks.securegossip.com/2011/04/hacking-snmp-in-a-few-simple-steps/
But what about SNMP RW on Linux boxes? How far the bad guys can go with this one?
"As far as your SNMP configuration and operating system lets them."
This can include executing arbitrary programs (often by taking advantage of net-snmp
execdirectives), altering network / routing configuration (if you do something dumb like run snmpd as root), etc. etc. etc. (it really is a nearly infinite list).If you care for security the general rule is do not enable SNMP "write" access.
If you really care for security you'll also insist on using SNMPv3.
If you really, REALLY care about security you won't enable SNMP at all, or you'll lock it down so there's no way to get at it from the public internet.
Even with Read-Only access an attacker can get a metric buttload of valuable intelligence on your system by a simple snmpwalk. You don't want to make things any easier than they already are.