New NMC code has been posted on http://totalservice.commworks.com . The following NMC codes provide protection from possible Denial Of Service (DoS) attacks via SNMP. These concerns were raised by a CERT advisory issued today (see http://www.kb.cert.org/vuls/id/854306). To find the NMC code do the following: 1)Go to the Software Library Link located under the Software section of the totalservice web page 2) Choose the Enhanced Data Services (RAS) icon 3) Then Click on the drop down arrow and choose Network Management Cards 4) The NMC code is posted as follows: HM080296: HiPerNMC v8.2.96. This code is based on version 8.2.97 and includes fixes to prevent NMC reboots that might be caused by certain SNMP requests. HH080396: NMC-333 v8.3.96. This code is based on version 8.3.97 and includes fixes to prevent NMC reboots that might be caused by certain SNMP requests. The NMC code is also posted under the TCS 4.3 software suite located under the same drop down arrow as the Network Management Cards. Please note: This issue has been fixed on the TCS 4.5 Beta load. Steve Johnson <linuxnut@sonic.net>@mailman.xmission.com on 02/13/2002 01:39:01 PM Sent by: usr-tc-admin@mailman.xmission.com To: Carl Litt <carl@execulink.com>, usr-tc@lists.xmission.com cc: Subject: Re: [USR-TC] CERT Advisory CA-2002-03: SNMPv1 Vulnerabilities Yeah if anyone knows please post is on this list.. I sure hope they are not vulnerable... -Steve On Wednesday 13 February 2002 11:29 am, Carl Litt wrote:
CERT has just released an advisory concerning vulnerabilities in SNMPv1 which exist in many vendor implementations, including 3Com.
3Com has acknowledged that several switches are are vulnerable, but there has been no news about the Total Control series. Does anyone know if the SNMP implementation on the ARC/NMC cards is safe?
For reference:
http://www.kb.cert.org/vuls/id/854306 http://www.kb.cert.org/vuls/id/107186
Carl Litt Network Administrator Execulink Internet
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc