General DataComm Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      General DataComm Advisory Bulletin

      http://www.gdc.com/products/bulletin.shtml

      Ref:  CERT Advisory CA-2002-03
      Multiple Vulnerabilities in Many Implementations of Simple Network Management Protocol (SNMP)

      GDC  TEAM  SNMP

      The GDC TEAM applications use the HP OpenView NNM SNMP protocol stack for its
      SNMP network management communication to its SpectraComm Manager (SCM) card.
      The SCM contains an SNMP proxy agent.

      Recommendations:

      1. The SCM does not have a default read/write community name of "private" which makes it less
      susceptible for hackers to change device configurations or taking down the management or data network.
      The SCM does have a default read only community name of "public". The customer is advised to change
      this.

      2. The major GDC network management customers usually use a separate
      private LAN for their management traffic to eliminate the exposure to outside illegal entry.

      3. Please read below, obtain and install the HP HPOV patches from the listed sites.

      HP HPOV   NNM (Network Node Manager)
             ---------------------------------------------------------
             Some problems were found in NNM product were related to
             trap handling. Patches in process. Watch for the
             associated HP Security Bulletin.

             ----------------------------------------------------------
             HP-UX Systems running snmpd or OPENVIEW
             ----------------------------------------------------------
             The following patches are available now:

             PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
             PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch

             PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated   Patch

             All three patches are available from:

             http://support.openview.hp.com/cpe/patches/

             In addition PHSS_26137 and PHSS_26138 will soon be available from:

             http://itrc.hp.com

             NOTE: The patches are labeled OV(Open View). However, the patches
             are also applicable to systems that are not running Open View.
            


             Any HP-UX 10.X or 11.X system running snmpd or snmpdm is vulnerable.
             To determine if your HP-UX system has snmpd or snmpdm installed:

             swlist -l file | grep snmpd

             If a patch is not available for your platform or you cannot install
             an available patch, snmpd and snmpdm can be disabled by removing their
             entries from /etc/services and removing the execute permissions from
             /usr/sbin/snmpd and /usr/sbin/snmpdm.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.