[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] (no subject)
- Subject: Re: [cobalt-security] (no subject)
- From: Matt Barton <matt@xxxxxxxxxx>
- Date: Thu, 14 Feb 2002 10:14:08 -0500 (EST)
- Organization: Webexcellence
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thu, 14 Feb 2002, dean browett wrote:
> When can I expect to be able to get a pkg for the recent snmp
> vulnerability disclosure or can someone point me in the direction of
> another source?
I executed "/usr/sbin/snmpd -V" on my RaQ 4 and got the following.
cmu-snmp for Linux v3.7; Jul 1999
http://www.gaertner.de/snmp/ -- The Linux CMU SNMP Project
(compiled without IPX support)
The CERT advisory that was released on Tuesday did not mention the CMU
SNMP Project in the vendor list. So I went to the URL above and it said
that the CMU SNMP Project has been discontinued. It recommends switching
to NET-SNMP (aka UCD-SNMP).
I think that if Cobalt is going to patch the service we'll end up getting
a completely different SNMP agent, which is likely to push the release
date of the package.
I was using MRTG, which uses SNMP, to monitor bandwidth usage on the two
Cobalt's we have, but I have turned off SNMP after read the advisory,
which is what I recommend we all do until Cobalt advises us.
--
Matt Barton
Webexcellence
matt@xxxxxxxxxx
Phone: 317.423.3548 x22
Fax: 317.423.8735
www.webexc.com