[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 )
Since we've been having problems with SNMP and firewall performance, I thought the following information might be useful for others on this list. Enjoy... > Subject: SNMP vulnerability patches available for IPSO ( CERT Advisory > CA-2002-03 ) > > On February 12, 2002 CERT announced an SNMP vulnerability > affecting many vendors. All versions of IPSO up to and including > IPSO 3.4.1 are affected. It maybe possible for a remote intruder > to leverage this vulnerability and gain admin access to Nokia > Security Platforms running the affected IPSO versions. Review > CERT Advisory CA-2002-03 for details of the problem. > > WORKAROUNDS: > > We recommend customers immediately install the appropriate > patched version of IPSO or follow the recommended > precautions below to avoid any potential exploit. > > If you are not using SNMP services, including Traps, simply use > Network Voyager to disable the SNMP daemon to completely > eliminate the potential vulnerability. > > If you are using only SNMP Traps and running Check Point > FireWall-1, create a firewall policy to disallow incoming SNMP > messages on all appropriate interfaces. Traps will continue to > work normally. > > FIXES AVAILABLE: > > New builds of IPSO 3.3, 3.3.1, 3.4 and 3.4.1 with fixes to > address this SNMP vulnerability are currently available for > download from Resolution 10231 via http://support.nokia.com. > Customers using a version of IPSO prior to 3.3 should either > upgrade or apply the workarounds listed below. > > IPSO 3.4.2 shipped with the necessary SNMP patch incorporated. > The necessary fix will also be included in all future releases of > IPSO. > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|