Last month, I read this statement from Todd H. claiming Netview is clean.
From: netview@toddh.net (Todd H.)
Date: 12/02/2002 15:53:41 CST
Subject: [nv-l] CERT security advisory on multiple SNMP implementations
Oy...there goes the neighborhood. NetView is clean, but a bunch of
devices in the average network are likely to be vulnerable:
<http://www.cert.org/advisories/CA-2002-03.html>
I'm curious if anyone know how NetView got branded as not vulnerable
to trap format string attacks without the dependency on the security
e-Fix from 6.02 that came out in response to:
<http://www.cert.org/advisories/CA-2001-24.html>
Perhaps because that vulnerability only existed if you launched
external scripts in event processing forked by ovactiond?
--
Todd H.
<http://www.toddh.net/>
I can't seem to find any documentation from Tivoli/IBM to support that
statement. All I've found is this in the CERT advisory:
Tivoli NetView for Unix, Tivoli NetView for Windows
The "trap handling" subsystems are vulnerable to a service interruption related
to VU#107186. The Mid-Level Manager agents on some platforms are vulnerable to
a service interruption related to VU#854306. These conditions are present in
Tivoli NetView V7.1 and earlier. Solutions are currently being tested and will
be available in an upcoming service release.
All I've seen in the release notes is a reference to IY21527
("Security/Integrity issue with trap customization"). But that doesn't appear
to be related to the CERT advisory.
I must be missing something. Can anybody point me to a link that confirms
Todd's statement or any other helpful information?
Thanks for any insight.
Craig
|