Hi folks,
FYI - latest from CERT on their SNMP Advisory. By the way, if you
haven't read the advisory yet, it recommends some draconian solutions
like "disable SNMP on all devices in your enterprise network". Your
customers likely _have_ read this CERT SNMP Advisory.
Cheers,
- Ira McDonald
High North Inc
-----Original Message-----
From: CERT(R) Coordination Center [mailto:cert at cert.org]
Sent: Tuesday, March 05, 2002 6:29 PM
To: snmp-forum at cert.org
Subject: SNMP Advisory Updates
-----BEGIN PGP SIGNED MESSAGE-----
Hello Folks,
I thought you all might be interested to know that we continue to
update the SNMP Advisory on a daily basis. For your convenience, I've
included the full revision history in this message.
I'd also like to thank all of you for your continued participation on
this list.
Regards,
Ian
Ian Finlay
Internet Systems Security Analyst - CERT/CC Vulnerability Handling Team
Networked Systems Survivability Program
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
CERT (R) Coordination Center Email: cert at cert.org
Software Engineering Institute WWW: http://www.cert.org
Carnegie Mellon University Hotline: +1-412-268-7090
Pittsburgh, PA USA 15213-3890 FAX: +1-412-268-6989
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- From http://www.cert.org/advisories/CA-2002-03.html
Feb 12, 2002: Initial release
Feb 12, 2002: Corrected vendor appendix formatting issues
Feb 12, 2002: Added vendor statement for Inktomi
Feb 12, 2002: Fixed formatting problem in "Disable stack execution" section
Feb 12, 2002: Updated vendor statement for Juniper
Feb 12, 2002: Fixed broken link in Juniper statement
Feb 12, 2002: Updated Public Thanks section
Feb 12, 2002: Updated Covalent statement
Feb 12, 2002: Updated SNMP Research statement
Feb 12, 2002: Updated CVE and Comtek services links
Feb 13, 2002: Updated Cisco, Enterasys, FreeBSD, HP, Microsoft, Sun, and
Tandberg statements, removed Tivoli statement
Feb 14, 2002: Added vendor statement for Aprisma
Feb 14, 2002: Added vendor statements for MG-Soft and NetScreen
Feb 14, 2002: Added vendor statement for iTouch Communications
Feb 14, 2002: Added vendor statement for F5 Networks
Feb 14, 2002: Added vendor statement for Sierra Wireless
Feb 15, 2002: Added vendor statement for MICROMUSE
Feb 15, 2002: Updated HP statement
Feb 16, 2002: Updated Nortel Networks statement
Feb 16, 2002: Added vendor statement for Foundry Networks
Feb 18, 2002: Added vendor statement for Tivoli
Feb 18, 2002: Added vendor statement for Radware
Feb 18, 2002: Updated Nortel Networks statement
Feb 19, 2002: Updated Nortel Networks statement
Feb 19, 2002: Updated F5 Networks statement
Feb 19, 2002: Updated Compaq statement
Feb 19, 2002: Updated IBM statement
Feb 19, 2002: Added vendor statement for Dell
Feb 19, 2002: Fixed bad link in Enterasys statement
Feb 19, 2002: Updated IBM statement
Feb 19, 2002: Added vendor statement for BMC Software
Feb 20, 2002: Added vendor statement for Wind River Systems
Feb 20, 2002: Added vendor statement for Concord Communications
Feb 20, 2002: Added vendor statement for CommWorks Corporation (a 3Com
company)
Feb 20, 2002: Added vendor statement for Lexmark International
Feb 20, 2002: Added vendor statement for Check Point Software Technologies
Inc.
Feb 20, 2002: Added vendor statement for Alcatel
Feb 21, 2002: Added vendor statement for Avici Systems Inc.
Feb 21, 2002: Added vendor statement for NuDesign Team Inc.
Feb 21, 2002: Added vendor statement for ADTRAN, Inc.
Feb 21, 2002: Updated NetScreen vendor statement
Feb 21, 2002: Added vendor statement for TMP Consultoria S/C
Feb 21, 2002: Added vendor statement for Xerox
Feb 21, 2002: Updated Inktomi vendor statement
Feb 21, 2002: Added vendor statement for nCipher Corp.
Feb 21, 2002: Updated Lucent vendor statement
Feb 21, 2002: Added vendor statement for Spider Software
Feb 21, 2002: Added vendor statement for Riverstone Networks
Feb 21, 2002: Added vendor statement for Standard Networks, Inc.
Feb 21, 2002: Added vendor statement for Openwave Systems Inc.
Feb 21, 2002: Added vendor statement for General DataComm
Feb 22, 2002: Added vendor statement for NETWORK HARMONi, Inc.
Feb 22, 2002: Updated HP vendor statement
Feb 22, 2002: Updated Nortel Networks statement
Feb 25, 2002: Added vendor statement for American Power Conversion
Feb 25, 2002: Added vendor statement for Cambridge Broadband Ltd.
Feb 25, 2002: Added vendor statement for Corsaire Limited
Feb 25, 2002: Added vendor statement for SonicWALL, Inc.
Feb 26, 2002: Added vendor statement for Perle Systems
Feb 26, 2002: Added vendor statement for Sonus Networks
Feb 26, 2002: Added vendor statement for Optical Access
Feb 26, 2002: Added vendor statement for INRANGE Technologies
Feb 26, 2002: Updated vendor statement for Redback Networks, Inc.
Feb 26, 2002: Removed "Disable stack execution" section from Solutions
Feb 26, 2002: Added vendor statement for BinTec Communications AG
Feb 26, 2002: Updated vendor statement for IBM
Feb 27, 2002: Updated HP vendor statement
Feb 27, 2002: Added vendor statement for World Wide Packets
Feb 27, 2002: Added vendor statement for Dart Communications
Feb 27, 2002: Added vendor statement for Quallaby Corporation
Feb 27, 2002: Updated iTouch Communications vendor statement
Feb 27, 2002: Added vendor statement for CipherTrust, Inc.
Feb 27, 2002: Added vendor statement for Ipswitch, Inc.
Feb 27, 2002: Added vendor statement for D-Link Systems, Inc.
Mar 01, 2002: Added vendor statement for iPlanet
Mar 01, 2002: Updated vendor statement for Novell
Mar 01, 2002: Updated vendor statement for nCipher Corp.
Mar 01, 2002: Added vendor statement for Extreme Networks
Mar 04, 2002: Added vendor statement for NetSilicon
Mar 04, 2002: Added vendor statement for SecureWorks, Inc.
Mar 04, 2002: Added vendor statement for Efficient Networks, Inc.
Mar 04, 2002: Updated vendor statement for Novell
Mar 04, 2002: Added vendor statement for Monfox, LLC
Mar 05, 2002: Added vendor statement for Paradyne
Mar 05, 2002: Added vendor statement for Trend Micro
Mar 05, 2002: Updated vendor statement for Dartware, LLC
Mar 05, 2002: Added vendor statement for Quick Eagle Networks
Mar 05, 2002: Added vendor statement for Conectiva
Mar 05, 2002: Added vendor statement for Asante Technologies, Inc.
Mar 05, 2002: Added vendor statement for SolarWinds.Net, Inc.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQCVAwUBPIVjM6CVPMXQI2HJAQEgqAP+LfZQoj+iUxYpoDFs32BWu4DuLYELJVj4
KR+hTljTSktWLCfi4eQFpRUeM/yEfqgDTXpseml72ucYRRFbi37ps8pQjfx+QTIM
6fQeex1ZrYto7Cgkmylwd0saJMo9kU2t1Mal4koy5iERiYy85OYwOCaPd+nyC+zW
8d1Bl6UGrQU=
=w5aF
-----END PGP SIGNATURE-----