Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 )

To: [email protected]
Subject: [FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 )
From: Brian Fritz <[email protected]>
Date: Wed, 13 Feb 2002 18:12:38 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Since we've been having problems with SNMP and firewall performance, I
thought the following information might be useful for others on this list.
Enjoy...

> Subject: SNMP vulnerability patches available for IPSO ( CERT Advisory
> CA-2002-03 )
>
> On February 12, 2002 CERT announced an SNMP vulnerability
> affecting many vendors. All versions of IPSO up to and including
> IPSO 3.4.1 are affected. It maybe possible for a remote intruder
> to leverage this vulnerability and gain admin access to Nokia
> Security Platforms running the affected IPSO versions. Review
> CERT Advisory CA-2002-03 for details of the problem.
>
> WORKAROUNDS:
>
> We recommend customers immediately install the appropriate
> patched version of IPSO or follow the recommended
> precautions below to avoid any potential exploit.
>
> If you are not using SNMP services, including Traps, simply use
> Network Voyager to disable the SNMP daemon to completely
> eliminate the potential vulnerability.
>
> If you are using only SNMP Traps and running Check Point
> FireWall-1, create a firewall policy to disallow incoming SNMP
> messages on all appropriate interfaces. Traps will continue to
> work normally.
>
> FIXES AVAILABLE:
>
> New builds of IPSO 3.3, 3.3.1, 3.4 and 3.4.1 with fixes to
> address this SNMP vulnerability are currently available for
> download from Resolution 10231 via http://support.nokia.com.
> Customers using a version of IPSO prior to 3.3 should either
> upgrade or apply the workarounds listed below.
>
> IPSO 3.4.2 shipped with the necessary SNMP patch incorporated.
> The necessary fix will also be included in all future releases of
> IPSO.
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 )
  - From: Lenny Capellan <[email protected]>
- Re: [FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 )
  - From: Hans-Joachim Hoetger <[email protected]>

Prev by Date: Re: [FW-1] Messenger
Next by Date: Re: [FW-1] Coexistence 4.1/NG
Previous by thread: Re: [FW-1] Replacing 'control connection' implied rules
Next by thread: Re: [FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 )
Index(es):
- Date
- Thread