PMP Mail Archive: PMP> FW: SNMP Advisory Updates [from CERT]

PMP> FW: SNMP Advisory Updates [from CERT]

From: McDonald, Ira (imcdonald@sharplabs.com)
Date: Wed Mar 06 2002 - 18:55:59 EST

  • Next message: Hopkins, Mark: "RE: PMP> Printer MIB draft-11 posted at PWG site (10 January 2002 )"

    Hi folks,

    FYI - latest from CERT on their SNMP Advisory. By the way, if you
    haven't read the advisory yet, it recommends some draconian solutions
    like "disable SNMP on all devices in your enterprise network". Your
    customers likely _have_ read this CERT SNMP Advisory.

    Cheers,
    - Ira McDonald
      High North Inc

    -----Original Message-----
    From: CERT(R) Coordination Center [mailto:cert@cert.org]
    Sent: Tuesday, March 05, 2002 6:29 PM
    To: snmp-forum@cert.org
    Subject: SNMP Advisory Updates

    -----BEGIN PGP SIGNED MESSAGE-----

    Hello Folks,

    I thought you all might be interested to know that we continue to
    update the SNMP Advisory on a daily basis. For your convenience, I've
    included the full revision history in this message.

    I'd also like to thank all of you for your continued participation on
    this list.

    Regards,
    Ian

    Ian Finlay
    Internet Systems Security Analyst - CERT/CC Vulnerability Handling Team
    Networked Systems Survivability Program
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    CERT (R) Coordination Center Email: cert@cert.org
    Software Engineering Institute WWW: http://www.cert.org
    Carnegie Mellon University Hotline: +1-412-268-7090
    Pittsburgh, PA USA 15213-3890 FAX: +1-412-268-6989
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    - From http://www.cert.org/advisories/CA-2002-03.html

    Feb 12, 2002: Initial release
    Feb 12, 2002: Corrected vendor appendix formatting issues
    Feb 12, 2002: Added vendor statement for Inktomi
    Feb 12, 2002: Fixed formatting problem in "Disable stack execution" section
    Feb 12, 2002: Updated vendor statement for Juniper
    Feb 12, 2002: Fixed broken link in Juniper statement
    Feb 12, 2002: Updated Public Thanks section
    Feb 12, 2002: Updated Covalent statement
    Feb 12, 2002: Updated SNMP Research statement
    Feb 12, 2002: Updated CVE and Comtek services links
    Feb 13, 2002: Updated Cisco, Enterasys, FreeBSD, HP, Microsoft, Sun, and
    Tandberg statements, removed Tivoli statement
    Feb 14, 2002: Added vendor statement for Aprisma
    Feb 14, 2002: Added vendor statements for MG-Soft and NetScreen
    Feb 14, 2002: Added vendor statement for iTouch Communications
    Feb 14, 2002: Added vendor statement for F5 Networks
    Feb 14, 2002: Added vendor statement for Sierra Wireless
    Feb 15, 2002: Added vendor statement for MICROMUSE
    Feb 15, 2002: Updated HP statement
    Feb 16, 2002: Updated Nortel Networks statement
    Feb 16, 2002: Added vendor statement for Foundry Networks
    Feb 18, 2002: Added vendor statement for Tivoli
    Feb 18, 2002: Added vendor statement for Radware
    Feb 18, 2002: Updated Nortel Networks statement
    Feb 19, 2002: Updated Nortel Networks statement
    Feb 19, 2002: Updated F5 Networks statement
    Feb 19, 2002: Updated Compaq statement
    Feb 19, 2002: Updated IBM statement
    Feb 19, 2002: Added vendor statement for Dell
    Feb 19, 2002: Fixed bad link in Enterasys statement
    Feb 19, 2002: Updated IBM statement
    Feb 19, 2002: Added vendor statement for BMC Software
    Feb 20, 2002: Added vendor statement for Wind River Systems
    Feb 20, 2002: Added vendor statement for Concord Communications
    Feb 20, 2002: Added vendor statement for CommWorks Corporation (a 3Com
    company)
    Feb 20, 2002: Added vendor statement for Lexmark International
    Feb 20, 2002: Added vendor statement for Check Point Software Technologies
    Inc.
    Feb 20, 2002: Added vendor statement for Alcatel
    Feb 21, 2002: Added vendor statement for Avici Systems Inc.
    Feb 21, 2002: Added vendor statement for NuDesign Team Inc.
    Feb 21, 2002: Added vendor statement for ADTRAN, Inc.
    Feb 21, 2002: Updated NetScreen vendor statement
    Feb 21, 2002: Added vendor statement for TMP Consultoria S/C
    Feb 21, 2002: Added vendor statement for Xerox
    Feb 21, 2002: Updated Inktomi vendor statement
    Feb 21, 2002: Added vendor statement for nCipher Corp.
    Feb 21, 2002: Updated Lucent vendor statement
    Feb 21, 2002: Added vendor statement for Spider Software
    Feb 21, 2002: Added vendor statement for Riverstone Networks
    Feb 21, 2002: Added vendor statement for Standard Networks, Inc.
    Feb 21, 2002: Added vendor statement for Openwave Systems Inc.
    Feb 21, 2002: Added vendor statement for General DataComm
    Feb 22, 2002: Added vendor statement for NETWORK HARMONi, Inc.
    Feb 22, 2002: Updated HP vendor statement
    Feb 22, 2002: Updated Nortel Networks statement
    Feb 25, 2002: Added vendor statement for American Power Conversion
    Feb 25, 2002: Added vendor statement for Cambridge Broadband Ltd.
    Feb 25, 2002: Added vendor statement for Corsaire Limited
    Feb 25, 2002: Added vendor statement for SonicWALL, Inc.
    Feb 26, 2002: Added vendor statement for Perle Systems
    Feb 26, 2002: Added vendor statement for Sonus Networks
    Feb 26, 2002: Added vendor statement for Optical Access
    Feb 26, 2002: Added vendor statement for INRANGE Technologies
    Feb 26, 2002: Updated vendor statement for Redback Networks, Inc.
    Feb 26, 2002: Removed "Disable stack execution" section from Solutions
    Feb 26, 2002: Added vendor statement for BinTec Communications AG
    Feb 26, 2002: Updated vendor statement for IBM
    Feb 27, 2002: Updated HP vendor statement
    Feb 27, 2002: Added vendor statement for World Wide Packets
    Feb 27, 2002: Added vendor statement for Dart Communications
    Feb 27, 2002: Added vendor statement for Quallaby Corporation
    Feb 27, 2002: Updated iTouch Communications vendor statement
    Feb 27, 2002: Added vendor statement for CipherTrust, Inc.
    Feb 27, 2002: Added vendor statement for Ipswitch, Inc.
    Feb 27, 2002: Added vendor statement for D-Link Systems, Inc.
    Mar 01, 2002: Added vendor statement for iPlanet
    Mar 01, 2002: Updated vendor statement for Novell
    Mar 01, 2002: Updated vendor statement for nCipher Corp.
    Mar 01, 2002: Added vendor statement for Extreme Networks
    Mar 04, 2002: Added vendor statement for NetSilicon
    Mar 04, 2002: Added vendor statement for SecureWorks, Inc.
    Mar 04, 2002: Added vendor statement for Efficient Networks, Inc.
    Mar 04, 2002: Updated vendor statement for Novell
    Mar 04, 2002: Added vendor statement for Monfox, LLC
    Mar 05, 2002: Added vendor statement for Paradyne
    Mar 05, 2002: Added vendor statement for Trend Micro
    Mar 05, 2002: Updated vendor statement for Dartware, LLC
    Mar 05, 2002: Added vendor statement for Quick Eagle Networks
    Mar 05, 2002: Added vendor statement for Conectiva
    Mar 05, 2002: Added vendor statement for Asante Technologies, Inc.
    Mar 05, 2002: Added vendor statement for SolarWinds.Net, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 5.0i for non-commercial use
    Charset: noconv

    iQCVAwUBPIVjM6CVPMXQI2HJAQEgqAP+LfZQoj+iUxYpoDFs32BWu4DuLYELJVj4
    KR+hTljTSktWLCfi4eQFpRUeM/yEfqgDTXpseml72ucYRRFbi37ps8pQjfx+QTIM
    6fQeex1ZrYto7Cgkmylwd0saJMo9kU2t1Mal4koy5iERiYy85OYwOCaPd+nyC+zW
    8d1Bl6UGrQU=
    =w5aF
    -----END PGP SIGNATURE-----



    This archive was generated by hypermail 2b29 : Wed Mar 06 2002 - 18:56:37 EST