[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 )
After installing the new IPSO v3.3 image with the SNMP patch I still get UCD-SNMP v4.1.1 when I do an "snmpd --version"... but according to the CERT advisory all versions of UCD-SNMP below 4.2.2 are vulnerable.... so does this mean that the IPSO patch is no good?! I just noticed this today and haven't had the time to verify 100%. Is anyone else seeing the same? Lenny Capellan -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Brian Fritz Sent: Wednesday, February 13, 2002 6:13 PM To: [email protected] Subject: [FW-1] SNMP vulnerability patches available for IPSO ( CERT Advisory CA-2002-03 ) Since we've been having problems with SNMP and firewall performance, I thought the following information might be useful for others on this list. Enjoy... > Subject: SNMP vulnerability patches available for IPSO ( CERT Advisory > CA-2002-03 ) > > On February 12, 2002 CERT announced an SNMP vulnerability affecting > many vendors. All versions of IPSO up to and including IPSO 3.4.1 are > affected. It maybe possible for a remote intruder to leverage this > vulnerability and gain admin access to Nokia Security Platforms > running the affected IPSO versions. Review CERT Advisory CA-2002-03 > for details of the problem. > > WORKAROUNDS: > > We recommend customers immediately install the appropriate patched > version of IPSO or follow the recommended precautions below to avoid > any potential exploit. > > If you are not using SNMP services, including Traps, simply use > Network Voyager to disable the SNMP daemon to completely eliminate the > potential vulnerability. > > If you are using only SNMP Traps and running Check Point FireWall-1, > create a firewall policy to disallow incoming SNMP messages on all > appropriate interfaces. Traps will continue to work normally. > > FIXES AVAILABLE: > > New builds of IPSO 3.3, 3.3.1, 3.4 and 3.4.1 with fixes to address > this SNMP vulnerability are currently available for download from > Resolution 10231 via http://support.nokia.com. Customers using a > version of IPSO prior to 3.3 should either upgrade or apply the > workarounds listed below. > > IPSO 3.4.2 shipped with the necessary SNMP patch incorporated. The > necessary fix will also be included in all future releases of IPSO. > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|