TID-2961546 SNMP vulnerability fix for NW 4.x, 5.x, 6.x ( 07MAR2002)

Technical Information Document

SNMP vulnerability fix for NW 4.x, 5.x, 6.x - TID2961546 (last modified 07MAR2002)

2961546 2961546

associated file

Click filename to download:
snmpfix.exe; 148302 bytes; Date/Time: 03-07-2002/10:28AM

abstract

This patch addresses the SNMP Vulnerability issues listed in the Issues Section of this readme.

The files SNMPLOG.NLM & SNMPLOG.MSG are the same as the ones we ship with NW5.1 SP4 and NW6 SP1. But the files SNMP.NLM & SNMP.MSG are newer in this TID than the files shipping in NW5.1 SP4 and NW 6 SP1. Hence if the support pack is already applied then only SNMP.NLM & SNMP.MSG has to be replaced else all the the four files have to be replaced.

These modules will not be in a NetWare 4.x Support Pack. This was tested on 4.11, 4.2, 5.0, 5.1, and 6.0 only.

installation

Replace the files on your server with the ones in this patch in the appropriate directories. The NLMs should go to sys:\system folder and msg files should go to sys:\system\nls\4 folder.

After you replace them you need to unload and reload SNMP and the best way to do that is to reboot the server.

issue

THIS PATCH ADDRESS THE FOLLOWING ISSUES
VU#107186 - Multiple vulnerabilities in SNMPv1 trap handling

SNMP trap messages are sent from agents to managers. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. SNMP managers must properly decode trap messages and process the resulting data. In testing, OUSPG found multiple vulnerabilities in the way many SNMP managers decode and process SNMP trap messages.

VU#854306 - Multiple vulnerabilities in SNMPv1 request handling

SNMP request messages are sent from managers to agents. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device. SNMP agents must properly decode request messages and process the resulting data. In testing, OUSPG found multiple vulnerabilities in the way many SNMP agents decode and process SNMP request messages.

contents

Self-Extracting File Name:  snmpfix.exe

Files Included       Size   Date         Time    Version   Checksum

\
   SNMPFIX.TXT       3321   03-07-2002   10:28AM
\system
      SNMP.NLM     111898   02-15-2002   09:09AM
   SNMPLOG.NLM      16774   01-03-2002   04:42PM
\system\nls\4
      SNMP.MSG       4189   02-15-2002   09:09AM
   SNMPLOG.MSG        785   01-03-2002   04:42PM

Document Title:	SNMP vulnerability fix for NW 4.x, 5.x, 6.x
Document ID:	2961546
Creation Date:	15FEB2002
Modified Date:	07MAR2002
Document Revision:	4
Novell Product Class:	Management Products NetWare
Novell Product and Version:	ZENworks for Servers NetWare 4.2 NetWare 5 NetWare 5.1 NetWare 6 NetWare for Small Business 4.2

Disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.