Vol 4, No 4 - 2/15/02

** High Priority **

Novell and SNMP
Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on NetWare are fixed and will be available through NetWare 6 Support Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at http://support.novell.com/tools/csp/

Full Document

** CERT Warns Of Major Security Flaw A major security flaw that could affect nearly every Internet-connected device has been discovered. The vulnerability is within the Simple Network Management Protocol (SNMP), which lets administrators remotely manage critical devices such as routers, switches, operating systems, and network-management devices. The flaw leaves companies vulnerable to denial-of-service attacks and service disruptions, and could give remote hackers access to systems.

A staggering number of vendors' products are vulnerable, according to Carnegie Mellon's CERT Coordination Center. "Many of the affected products provide key services to the Internet infrastructure," CERT says. "Large-scale outages of these devices could disable significant portions of the global network. The specific impact of these vulnerabilities varies from product to product." Users should check with their vendors for workarounds or patches.

The most pressing danger is denial-of-service attacks against SNMP-ready devices, says Chris Rouland, director of Internet Security Systems Inc.'s research division, X-Force. "A week from now, we may be concerned about the ability for hackers to gain remote, or root, access," he says. Rouland recommends that all system administrators assess the SNMP traffic on their networks, ports 161 and 162 tcp/udp. Users aren't immune and should contact their digital subscriber line, cable modem, or router vendors about potential exposures, he adds. Rouland says X-Force research has shown that some Cisco Systems routers and switches won't filter packets that could exploit the vulnerability, even if they're configured to do so. "I've never seen a vulnerability that affected so many vendors," Rouland says. "This one is big."

Some of the affected vendors are no longer in business or are no longer maintaining the affected software, Rouland says, making it even more difficult to secure their networks.
- George V. Hulme

For the full story, go to:
http://update.informationweek.com/cgi-bin4/flo?y=eF3u0BdTa10V20BWcb0A6

And for more on security:
Businesses Keep Spending On Security
http://update.informationweek.com/cgi-bin4/flo?y=eF3u0BdTa10V20BWAI0A7

If you want a copy of the fix files for NW 4, 5 and 6, send me an e-mail with the subject "SNMP Fix Request" and you will receive them.... Or it will be publically available later today ot tomorrow....

john