Tivoli Systems Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      Introduction

      This document serves as an update regarding the current status of Tivoli/IBM products’ implementation of Simple Network Management Protocol (SNMP), Version 1, and the potential vulnerabilities related to the implementation.

      Tivoli has identified the following products that implement SNMP v1:

      Tivoli NetView for Unix

      Tivoli NetView for Windows

      Tivoli NetView Mid-Level Manager (MLM)

      Tivoli Comprehensive Network Address Translator (CNAT)

      Tivoli NetView for OS/390

      Tivoli Enterprise Console SNMP Adapter

      Tivoli Storage Network Manager

      Tivoli Risk Manager

      As an interim step, customers should be directed to secure their networks so as to prevent SNMP access from unknown sources. The CERT advisory contains substantial information on this topic under the heading of “Ingress Filtering”.

      The following products have been identified for having the potential exposure:
      This information is current as of March 29, 2002.

      Identified Loss of Service
      The following products have been identified as containing issues that can result in loss of service:

      Tivoli NetView for Unix & Windows

      DETAILS

      Tivoli NetView for Unix & Tivoli NetView for Windows are vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

      STATUS

      A fix is available (See the section on ‘Fix Locations’).

      Tivoli NetView Mid-Level Manager (MLM) Agent for Solaris, HPUX, Windows and AIX

      DETAILS

      The Tivoli NetView Mid-Level Manager (MLM) on Solaris, HPUX, Windows and AIX (Version 7.1 and earlier) is vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

      STATUS

      A fix is currently being tested and will be released. (See the section on ‘Fix Locations’).

      Tivoli Comprehensive Network Address Translator (CNAT)

      DETAILS

      This product is vulnerable to a temporary loss of service of the AIX system, which causes a loss of connectivity to the portion of the network relying on the CNAT system for NAT routing.

      STATUS

      A fix is currently being tested and will be released. The fix will be available on this site (See the section on ‘Fix Locations’).

      Tivoli NetView for OS/390 Version 1.2, 1.3, and 1.4

      DETAILS:

      ABEND in E/AS (Event Automation Services) Trap-to-Alert adapter when Enterprise Object Identification (OID) is very large can occur.

      STATUS

      A fix is available.

      Tivoli Enterprise Console SNMP Adapter

      DETAILS

      The Tivoli Enterprise Console SNMP Adapter is vulnerable to a loss of service when subjected to certain SNMP get requests or traps.

      STATUS

      A fix is currently being tested and will be released.

      Tivoli Risk Manager

      DETAILS

      The Tivoli Risk Manager utilizes the Tivoli Enterprise Console SNMP Adapter, which is vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

      STATUS

      A fix is currently being tested and will be released.

      Tivoli Storage Network Manager

      DETAILS

      This condition only affects TSNM's ability to monitor outband events via SNMP traps. TSNM is capable of managing SANs via both outband mechanisms (SNMP queries to FC switches for topology discovery and receives SNMP traps for outband event detection) and inband mechanisms (managed hosts connected to the SAN via FC HBAs for topology and attribute discovery, and inband FC event detection). Outband discovery, inband discovery, and inband event detection are not affected by this condition.

      STATUS

      This will be fixed in the next version of TSNM.

      PREVENTION

      In addition to the prevention noted above, customers should configure at least one Windows or SUN managed host per SAN to allow inband detection of SAN events.

      Fix Locations
      Service fixes to those products that have identified the issue will post the files in the following 2 locations:

      Web - http://www.tivoli.com/secure/support/documents/security/ca-2002-03.html

      FTP - ftp.tivoli.com/support/Support_Notes/SecurityBulletins/

      Questions
      For any questions, please contact your local call center or open a PMR through the online support page http://www.tivoli.com/support/reporting/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.