Wasn't the fix adding the escape characters added in 6.0.3?

Scott Bursik
Event Systems Management
Pepsico Business Solutions Group
(972) 334-3757
scott.bursik AT pbsg DOT com

-----Original Message-----
From: netview AT toddh DOT net [mailto:netview AT toddh DOT net] 
Sent: Tuesday, November 05, 2002 5:37 PM
To: lesdickert AT att DOT net
Cc: nv-l AT lists.tivoli DOT com
Subject: Re: [nv-l] Migrating from Netview 6.0.3 to 7.1

lesdickert AT att DOT net writes:
> Or, if you want it to work just like in 6.0.3,
> create a file in /usr/OV/bin called
> 
> netnmrc.pre
> 
> with one line in it:
> 
> export AdditionalLegalTrapCharacters=disable
> 
> and bring netview down and back up and then trapd
> will quit putting those annoying \ characters into
> the varbind data.
> 
> Oops!  Was I not supposed to reveal this secret???


Well, if you're comfortable allowing any device with udp/162
visibility to your netview server capable of running arbitrary
commands in root context on your NetView server. 

I'm under the distinct impression that this would leave you wide open
to a handy root compromise per.
        http://www.cert.org/advisories/CA-2001-24.html

I for one wouldn't advocate disabling that fix. 

-- 
Todd H.
http://www.toddh.net/

---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe AT lists.tivoli DOT com
For additional commands, e-mail: nv-l-help AT lists.tivoli DOT com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)