CERT Advisory Response On February 12th, 2002, the Computer Emergency Response Team Coordination Center, CERT®, issued Advisory CA-2002-03 which describes numerous vulnerabilities in multiple vendors' SNMP implementations. CERT® is the Internet security oversight organization, which monitors Internet security conditions and advises Internet users of vulnerability conditions. CommWorks Corporation is currently assessing the impact of these vulnerabilities on CommWorks products. As an immediate precaution, customers should review the solutions suggested in Section III at http://www.cert.org/advisories/CA-2002-03.html, and implement those appropriate to their network environment. In particular, CommWorks advises isolating the management network from the user data network in order to minimize vulnerability and service impact related to any security breach. CommWorks customers should monitor http://totalservice.commworks.com/cert_update.cfm for updated information addressing this advisory, as well as information on available patches for CommWorks products. Carl Litt <carl@execulink.com>@mailman.xmission.com on 02/13/2002 01:29:00 PM Sent by: usr-tc-admin@mailman.xmission.com To: usr-tc@lists.xmission.com cc: Subject: [USR-TC] CERT Advisory CA-2002-03: SNMPv1 Vulnerabilities CERT has just released an advisory concerning vulnerabilities in SNMPv1 which exist in many vendor implementations, including 3Com. 3Com has acknowledged that several switches are are vulnerable, but there has been no news about the Total Control series. Does anyone know if the SNMP implementation on the ARC/NMC cards is safe? For reference: http://www.kb.cert.org/vuls/id/854306 http://www.kb.cert.org/vuls/id/107186 Carl Litt Network Administrator Execulink Internet _______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc