Dell Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
- Vendor Information Help Date Notified: 18 Jan 2002
- Statement Date:
- Date Updated: 19 Apr 2002
Dell PowerEdge, Dell OpenManage
Dell PowerEdge servers running Dell OpenManage software utilize SNMPv1, however this software makes use of the operating system’s master SNMP agent. After applying the appropriate update(s) from the operating system manufacturer, Dell SNMP agents are not affected.
Solution: Apply the appropriate update(s) provided by the operating system vendor. For more information, click here.
The following Dell PowerVault storage systems have been found vulnerable to the OUSPG SNMPv1 test suite:
Dell PowerVault 701N
Dell PowerVault 705N
Solution: These devices require an update from Dell.
The Dell PowerVault Assist utility that is required to update both PowerVault 701N and PowerVault 705N devices can be found here.
The updated image for both the PowerVault 701N and PowerVault 705N devices can be found here.
The following Dell PowerApp appliance has been found vulnerable to the OUSPG SNMPv1 test suite:
Dell PowerApp 220 (Dell PowerApp.BIG-IP)
Solution: This device requires an update from Dell.
Information regarding the update for non-encrypted devices can be found here.
Information regarding the update for encrypted devices can be found here.
All Dell PowerConnect devices successfully passed the test cases provided by the OUSPG SNMPv1 test suite.
Operating System Vendor Information
The following Dell supported operating system vendors have released information regarding their SNMPv1 vulnerabilities:
Dell Computer Corporation has provided this advisory bulletin in response to the concerns raised by OUSPG and to provide information to users of Dell systems regarding its SNMP implementation. Dell recommends that user's review this information and determine its applicability to their individual situations. In addition, Dell does not provide any warranty as to the accuracy or completeness of this information and will not be liable for damages that may result from usage or disregard of the information provided. The information provided is subject to change. For further information and related updates, please contact your standard Dell support channel. Dell retains ownership of its trademarks and service marks as well as the information contained in this advisory bulletin.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.