[nv-l] CERT security advisory on multiple SNMP implementations

nv-l

[Top] [All Lists]

[nv-l] CERT security advisory on multiple SNMP implementations

2002-02-12 16:53:41

Subject:	[nv-l] CERT security advisory on multiple SNMP implementations
From:	netview AT toddh DOT net (Todd H.)
To:	nv-l AT lists.tivoli DOT com
Date:	12 Feb 2002 15:53:41 -0600

Oy...there goes the neighborhood.  NetView is clean, but a bunch of
devices in the average network are likely to be vulnerable:
        http://www.cert.org/advisories/CA-2002-03.html


I'm curious if anyone know how NetView got branded as not vulnerable
to trap format string attacks without the dependency on the security
e-Fix from 6.02 that came out in response to:
        http://www.cert.org/advisories/CA-2001-24.html

Perhaps because that vulnerability only existed if you launched
external scripts in event processing forked by ovactiond? 

-- 
Todd H.
http://www.toddh.net/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[nv-l] CERT security advisory on multiple SNMP implementations, Todd H. <= Re: [nv-l] CERT security advisory on multiple SNMP implementations, Leslie Clark RE: [nv-l] CERT security advisory on multiple SNMP implementations, Frank W. Hansen Re: [nv-l] CERT security advisory on multiple SNMP implementations, JEFFREY SANDEN Re: [nv-l] CERT security advisory on multiple SNMP implementations, Todd H. RE: [nv-l] CERT security advisory on multiple SNMP implementations, Frank W. Hansen

Previous by Date:	RE: [nv-l] Looking for advice, Allison, Jason (JALLISON)
Next by Date:	[nv-l] Re: [NV-L] Varbinds contained an illegal character, netview
Previous by Thread:	[nv-l] netmon -A ?, Westphal, Raymond
Next by Thread:	Re: [nv-l] CERT security advisory on multiple SNMP implementations, Leslie Clark
Indexes:	[Date] [Thread] [Top] [All Lists]