[Top] [All Lists]

[nv-l] CA-2002-03 followup question

To: "NetView List (E-mail)" <nv-l@lists.tivoli.com>
Subject: [nv-l] CA-2002-03 followup question
From: "Treptow, Craig" <Treptow.Craig@principal.com>
Date: Wed, 6 Mar 2002 13:39:37 -0600
Last month, I read this statement from Todd H. claiming Netview is clean.  

From: netview@toddh.net (Todd H.)
Date: 12/02/2002 15:53:41 CST
Subject: [nv-l] CERT security advisory on multiple SNMP implementations

Oy...there goes the neighborhood.  NetView is clean, but a bunch of
devices in the average network are likely to be vulnerable:

I'm curious if anyone know how NetView got branded as not vulnerable
to trap format string attacks without the dependency on the security
e-Fix from 6.02 that came out in response to:

Perhaps because that vulnerability only existed if you launched
external scripts in event processing forked by ovactiond? 

Todd H.

I can't seem to find any documentation from Tivoli/IBM to support that 
statement.  All I've found is this in the CERT advisory:

Tivoli NetView for Unix, Tivoli NetView for Windows
The "trap handling" subsystems are vulnerable to a service interruption related 
to VU#107186. The Mid-Level Manager agents on some platforms are vulnerable to 
a service interruption related to VU#854306. These conditions are present in 
Tivoli NetView V7.1 and earlier. Solutions are currently being tested and will 
be available in an upcoming service release.

All I've seen in the release notes is a reference to IY21527 
("Security/Integrity issue with trap customization").  But that doesn't appear 
to be related to the CERT advisory.

I must be missing something.  Can anybody point me to a link that confirms 
Todd's statement or any other helpful information?

Thanks for any insight.


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web