No subject

[Gary McWilliams]

Frank,

do you have specific details of what the issues are (were) with versions of 
SNMP++ before 3.1.4b?

I have upgraded to 3.1.6, but my QA & marketing guys are asking me to find 
out what to tell clients.

Is there a 'major' issue that *requires* clients to upgrade?
For example, is the most serious problem a DoS issue, or could the issue 
cause execution of malicious code?

My own code runs on win2k. Are there different issues with windows / *nix 
code?




-----Original Message-----
From: Frank.Fock____t-online.de [mailto:Frank.Fock____t-online.de]
Sent: 18 February 2002 19:00
To: Vasay, Al
Cc: agentpp-dl____agentpp.com
Subject: Re: SNMP Vulnerability



Al,

I posted a message regarding the CERT/CC Advisory a few days
ago to the AGENT++ mailing list. The answer to your question is:
Yes, SNMP++ before v3.1.4b had a problem regarding this.
AGENT++ is not affected. So upgrade to v3.1.5 and recompile
everything.That's all.

Hope this helps.

Best regards,
Frank

"Vasay, Al" wrote:

>Hi,
>
>Is anybody aware of this news? Are we AGENT++ users affected by this?
>
>Excerpt from a Bruce Scheidner essay.
>
>"A large SNMP vulnerability has been announced, affecting hundreds of
>
>products. This vulnerabilty has been known in the security community since
>
>at least October, but has been held from the public for so long so that
>
>vendors would have time to patch their products. I'll write more about
>
>this next month."
>
><http://www.counterpane.com/alert-snmp.html>
>
><http://www.cert.org/advisories/CA-2002-03.html>
>
><http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/>
>
><http://www.counterpane.com/pr-snmp.html>
>
>Thanks, Al Vasay Diebold, Inc. North Canton, OH U.S.A





_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com