<P> <P> <B><I>Ellen M <ejmay@xxxxxxxxx></I></B> wrote: <BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Date: Thu, 14 Feb 2002 13:31:29 -0800 (PST)<BR>From: Ellen M <EJMAY@xxxxxxxxx><BR>Subject: SNMP flaw<BR>To: <A href="mailto:pchelpers@xxxxxxxxxxxxx";>pchelpers@xxxxxxxxxxxxx</A><BR><BR> <P> here's something I found at C|Net <P> <TABLE cellSpacing=0 cellPadding=3 width="100%" border=0> <TBODY> <TR> <TD vAlign=top bgColor=#ccccff></TD></TR><!-- CC --><!-- Subject --> <TR> <TD vAlign=top bgColor=#333366> <DIV align=right><FONT face=verdana,tahoma,helvetica color=#ffffff size=2><B>Subject:</B></FONT></DIV></TD> <TD vAlign=top bgColor=#ccccff> <DIV align=left><FONT face=verdana,tahoma,helvetica size=2><B>CNET: SNMP flaw could disrupt the Net</B></FONT> <A onmouseover="return hint('Edit the subject of this message')" onmouseout="return hint()" href="javascript:editSubject()"></A></DIV></TD></TR><!-- Message --> <TR> <TD vAlign=top bgColor=#ffffff colSpan=2><OB_CLEANED_BODY bgcolor="#eeeeee"> <CENTER><A href="http://www.onebox.com/m/top";></A><!-- header --> <TABLE cellSpacing=0 cellPadding=0 width=612 bgColor=#ffffff border=0> <TBODY> <TR vAlign=top> <TD width=442 colSpan=4><IMG height=60 alt="CNET Virus & Security Newsletter" src="http://a.r.tv.com/cnet.1d/i/nl/sw/442_viriusHEAD_NEWSLTR.gif"; width=442 border=0><BR> <TABLE cellSpacing=0 cellPadding=0 width=442 bgColor=#ffcc00 border=0> <TBODY> <TR> <TD bgColor=#000000 colSpan=3><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0><BR></TD></TR> <TR> <TD width=1 bgColor=#000000 rowSpan=2><IMG height=10 src="http://home.cnet.com/b.gif"; width=1 border=0><BR></TD> <TD width=10 rowSpan=2><IMG height=10 src="http://home.cnet.com/b.gif"; width=1 border=0><BR></TD> <TD width=430><IMG height=10 src="http://home.cnet.com/b.gif"; width=1 border=0><BR></TD></TR> <TR> <TD bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0><BR></TD></TR></TBODY></TABLE></TD><!-- Skyscraper column --> <TD width=160 rowSpan=2><IMG height=18 src="http://home.cnet.com/i/dp/dd_b.gif"; width=160 border=0><BR> <TABLE cellSpacing=0 cellPadding=0 width=160 border=0> <TBODY> <TR> <TD align=middle bgColor=#eeeeee><IMG height=10 src="http://www.cnet.com/Ads/Media/Images/ad10-dk.gif"; width=120 border=0><BR></TD></TR></TBODY></TABLE><!-- begin standard 160x600 new skyscraper rotation default --><A target=_top href="http://clickthru.online.com/Click?q=a2-6-M7QXZeFz23Y-E9R6Q9k_EtOEeR";><IMG height=600 src="http://ads.zdnet.com/cgi-bin/rad/aami.exe/RGROUP=r2560"; width=160 border=0></A> <!-- end standard 160x600 new skyscraper rotation default --><BR> <BR><!-- right column content --> <BR></TD> <TD width=9 rowSpan=2><IMG height=60 src="http://home.cnet.com/i/dp/dd_c.gif"; width=9 border=0><BR> <TABLE cellSpacing=0 cellPadding=0 width=9 border=0> <TBODY> <TR> <TD bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=9 border=0><BR></TD></TR> <TR> <TD bgColor=#ffcc00><IMG height=10 src="http://home.cnet.com/b.gif"; width=9 border=0><BR></TD></TR> <TR> <TD bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=9 border=0><BR></TD></TR></TBODY></TABLE></TD> <TD width=1 bgColor=#000000 rowSpan=2> <TABLE cellSpacing=0 cellPadding=0 width=1 border=0> <TBODY> <TR> <TD bgColor=#eeeeee><IMG height=60 src="http://home.cnet.com/b.gif"; width=1 border=0><BR></TD></TR></TBODY></TABLE></TD></TR><!-- promo section --> <TR vAlign=top> <TD width=1 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD> <TD width=10 bgColor=#ffcc00><IMG height=1 src="http://home.cnet.com/b.gif"; width=10 border=0><BR></TD> <TD width=1 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD> <TD width=430 bgColor=#ffffff> <TABLE cellSpacing=0 cellPadding=0 width=430 bgColor=#ffffef border=0> <TBODY> <TR vAlign=top> <TD width=10><IMG height=1 alt="" src="http://home.cnet.com/b.gif"; width=10 border=0><BR></TD> <TD width=412><IMG height=3 src="http://home.cnet.com/b.gif"; width=1 border=0><BR><IMG height=1 src="http://home.cnet.com/b.gif"; width=10 border=0><FONT face="Arial, Helvetica" size=-2>February 13, 2002</FONT><BR><IMG height=3 src="http://home.cnet.com/b.gif"; width=1 border=0><BR> <TABLE cellSpacing=0 cellPadding=0 width=412 border=0> <TBODY> <TR vAlign=top> <TD align=right width=76><IMG height=86 src="http://a.r.tv.com/cnet.1d/i/nl/sw/66x86_robertv.gif"; width=66><BR><FONT face="arial, helvetica" color=#666666 size=-2>--<A href="mailto:robert.vamosi@xxxxxxxx";>Robert Vamosi</A><BR>Virus & Security Guru<BR>CNET Software and Internet Services</FONT></TD> <TD width=10> </TD> <TD><FONT face="Arial, Helvetica"><FONT color=#333333><B>Dear Readers,</B></FONT><BR><FONT size=-1>From time to time, this newsletter will focus on important security issues in addition to its usual virus topics. As you may have heard, there's a newly discovered, easily exploited flaw in the Simple Network Management Protocol (SNMP) that underlies parts of the Internet. Sound scary? It is, but most of us won't be directly affected by the glitch. However, if you use SNMP in a router on your home network, check with your vendor to see if software updates are available. I've devoted this week's alert to answering basic questions about SNMP and its security flaw, so read on. </FONT><BR> <BR></FONT></TD></TR></TBODY></TABLE></TD> <TD width=8><IMG height=1 alt="" src="http://home.cnet.com/b.gif"; width=8 border=0><BR></TD></TR></TBODY></TABLE><!-- bottom rule --> <TABLE cellSpacing=0 cellPadding=0 width=430 border=0> <TBODY> <TR vAlign=top> <TD bgColor=#f7d69c><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD></TR></TBODY></TABLE> <TABLE cellSpacing=0 cellPadding=10 width="100%" border=0> <TBODY> <TR> <TD><FONT face="Arial, Helvetica"><IMG height=19 alt=Alerts src="http://www.cnet.com/i/nl/sw/HEAD_alerts.psd-1.gif"; width=125 border=0><BR><IMG height=8 src="http://home.cnet.com/i/nl/rule.gif"; width=410 border=0><BR> <TABLE cellSpacing=0 cellPadding=0 width=93 align=left border=0> <TBODY> <TR> <TD><A href="http://clickthru.online.com/Click?q=b7-FOgPQ8JeOqie1qp0N-NIpT5dWNnR";><IMG height=110 src="http://www.cnet.com/i/tt/col/021302broken.jpg"; width=85 border=0></A></TD></TR></TBODY></TABLE><FONT face="arial, helvetica"><B>SNMP is vulnerable: should you care?</B><BR><FONT size=-1>The Computer Emergency Response Team (CERT), an organization based at Carnegie Mellon University, warned this week that users of Simple Network Management Protocol (SNMP) are vulnerable to attack by malicious users. The vulnerability could be used to launch denial of service attacks and buffer overflow errors, which could then lead to others taking control of the affected device. While there have been no specific attacks directed at SNMP, vendors are encouraging users to update their software and firmware accordingly. <P>By default, Windows users are not at risk. However, if you have enabled SNMP for any reason, Microsoft recommends that you disable it until a patch is available. Here's how: <P><B>Windows 95/98/98 SE</B>: Double-click Network in the Control Panel. If SNMP Agent is listed under installed components on the Configuration tab, select and remove it. Additionally, check the following Registry keys: <P>Hkey_local_machine\Software\Microsoft\Windows\CurrentVersion \RunServices <P>and <P>Hkey_local_machine\Software\Microsoft\Windows \CurrentVersion\Run <P>for snmp.exe. <P><B>Warning:</B> If you are unfamiliar with editing Registry files, do not attempt to do so without professional help. <P><B>Windows 2000/XP</B>: Right-click My Computer, then double-click Manage, Services And Applications, and Services. If SNMP is listed, click it to turn it off. <P><B>Linux:</B> Users of Red Hat Linux should visit <A target=blank href="http://clickthru.online.com/Click?q=cc-h4fQQ0O6962NCqW7qlnsozs6mqPR";>this site</A>. <P><B>Macintosh:</B> At present, Mac users are not affected. <P><B>Routers:</B> Users of Cisco routers may refer to <A href="http://clickthru.online.com/Click?q=e2-J1OpQhyn6RLiJKqENNIEdiWv5DeR";>this site</A>. <P><IMG height=20 alt=News src="http://www.cnet.com/i/nl/sw/RHC_news.psd-1.gif"; width=150 border=0><BR><IMG height=8 src="http://home.cnet.com/i/nl/rule.gif"; width=410 border=0><BR><FONT face="arial, helvetica"><B><A href="http://clickthru.online.com/Click?q=f7-N0QnQLgnmSV1rQHlrcE9iRtIfInR";>SNMP flaw could disrupt the Net</A></B><BR><FONT size=-1>Software flaws in a fundamental language of the Internet could leave the Net's basic infrastructure in danger of disruption if the holes are left unpatched, an Internet security watchdog warned on Tuesday. </FONT> <P><IMG height=20 alt="Software Mailbag" src="http://a.r.tv.com/cnet.1d/i/nl/sw/rhc_mail.gif"; width=150 border=0 NOSEND="1"> <IMG height=8 src="http://home.cnet.com/i/nl/rule.gif"; width=410 border=0><BR><FONT face="arial, helvetica"><B>What is SNMP?</B><BR><FONT size=-1>Basically, Simple Network Management Protocol (SNMP) manages the exchange of information between network devices. Hardware devices such as DSL, cable modems, Wireless Access Points, and routers all use SNMP. <P>Chances are you won't be directly affected by the CERT warning. Your ISP or corporate IT department will make any changes necessary. However, we are all indirectly affected by the advisory and potential threat. If a malicious user designs an attack using these SNMP flaws, service on the Internet could be interrupted. <P>For more detailed information, CERT provides this <A target=blank href="http://clickthru.online.com/Click?q=0c-_Y3DIc8fFvL-0VfWDEdFqJ-3iiPR";>SNMP FAQ</A> </FONT><BR><IMG height=5 src="http://home.cnet.com/b.gif"; width=410 border=0><BR></FONT><BR><!-- Dispatch Brick --> <P><IMG height=20 src="http://home.cnet.com/Ads/Media/Images/RHC_ALSOfromCNETnet.gif"; width=150 border=0 NOSEND="1"> <IMG height=8 src="http://home.cnet.com/i/it/newsletter/rule2.gif"; width=410 border=0 NOSEND="1"><BR> <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0> <TBODY> <TR vAlign=top> <TD><FONT face="arial, helvetica" size=-1><B> <UL> <LI><A href="http://clickthru.online.com/Click?q=21-UPROIjdwyZ4Va_YoQI-uj1lT8iiR";>CNET reviews four <B>low-cost</B> Web hosts </A> <LI><A href="http://clickthru.online.com/Click?q=36-wg7-IiIvmTINojaMxgDlQa9n-_rR";>Check out the top 10 blockbuster products </A> <LI><A href="http://clickthru.online.com/Click?q=4b-k_l7IBUpWfUrT9QP9aSl5cb40w9R";>Boost your career with a new tech job </A> <LI><A href="http://clickthru.online.com/Click?q=60-oqItIsElhXwqJJDLNLAAeSJFL0FR";>Building your own Web site is quick and easy </A> <LI><A href="http://clickthru.online.com/Click?q=75-whwtIKUlzc-a8oo_rEyWs7xLBqsR";>ZDNet Tech Update: HP giving away Blade technology </A></LI></UL></B></FONT></TD></TR></TBODY></TABLE></P><!-- End Dispatch Brick --><IMG height=8 src="http://home.cnet.com/i/nl/rule.gif"; width=410 border=0><BR></FONT></FONT></FONT></FONT></TD></TR></TBODY></TABLE><!-- Begin search box --> <CENTER> <TABLE cellSpacing=0 cellPadding=1 width="90%" border=0> <TBODY> <TR> <TD bgColor=#cccccc> <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0> <FORM action=http://home.cnet.com/search/redirector/1,10207,0-0,00.html method=get> <TBODY> <TR vAlign=center align=middle bgColor=#ffffff> <TD noWrap align=right height=40> </TD> <TD class=f><FONT face="arial, helvetica" size=-1><B>Search</B> </FONT></TD> <TD align=left><INPUT class=f maxLength=255 size=18 name=qt></TD> <TD> <SELECT name=tg><OPTION value=sw-8888 selected>In Software<OPTION value=nw>All CNET <OPTION value=wb>The Web</OPTION></SELECT></FONT> <CENTER></CENTER></TD> <TD> <INPUT class=f type=submit value=" Go! " name=search> <INPUT type=hidden value=st.sw.8888.sbsr name=tt></TD></TR></FORM></TBODY></TABLE></TD></TR></TBODY></TABLE></CENTER><!-- End search box --><IMG height=8 src="http://home.cnet.com/b.gif"; width=1 border=0><BR></TD></TR></TBODY></TABLE><!-- Thin grey line --> <TABLE cellSpacing=0 cellPadding=0 width=612 border=0> <TBODY> <TR vAlign=top> <TD width=1 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD> <TD width=10 bgColor=#ffcc00><IMG height=1 src="http://home.cnet.com/b.gif"; width=10 border=0></TD> <TD width=1 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD> <TD width=599 bgColor=#cccccc><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD> <TD width=1 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD></TR></TBODY></TABLE> <TABLE cellSpacing=0 cellPadding=0 width=612 border=0> <TBODY> <TR vAlign=top> <TD width=1 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD> <TD width=10 bgColor=#ffcc00><IMG height=1 src="http://home.cnet.com/b.gif"; width=10 border=0></TD> <TD width=1 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD> <TD width=600 bgColor=#000000><IMG height=1 src="http://home.cnet.com/b.gif"; width=1 border=0></TD></TR></TBODY></TABLE><!-- ### footer ### --> <TABLE cellSpacing=0 cellPadding=0 width=612 bgColor=#000000 border=0> <TBODY> <TR> <TD width=1><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD> <TD width=10 bgColor=#ffcc00><IMG height=1 src="http://www.cnet.com/b.gif"; width=10></TD> <TD width=1><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD> <TD width=599 bgColor=#cccccc><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD> <TD width=1><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD></TR></TBODY></TABLE> <TABLE cellSpacing=0 cellPadding=0 width=612 bgColor=#eeeeee border=0> <TBODY> <TR> <TD width=1 bgColor=#000000><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD> <TD width=10 bgColor=#ffcc00><IMG height=1 src="http://www.cnet.com/b.gif"; width=10></TD> <TD width=1 bgColor=#000000><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD> <TD width=12><IMG height=1 src="http://www.cnet.com/b.gif"; width=12></TD> <TD width=575><IMG height=10 src="http://www.cnet.com/b.gif"; width=1><BR><A href="http://clickthru.online.com/Click?q=8b-SBGBQY0glE2fYJSEYqIZlDW4Z84R";><IMG height=18 alt="Sign up for more free newsletters from CNET!" src="http://a.r.tv.com/cnet.1d/i/nl/ft.gif"; width=375 border=0></A><BR><!-- subscription management --><FONT face="ms sans serif, geneva" size=-2>The e-mail address for your subscription is ejm7@xxxxxxxxxx<BR>To unsubscribe from this newsletter <A href="http://clickthru.online.com/Click?q=a0-11a8rWBTc3HksDlBZn2D1PoFg7XM"; NOTRACK>click here</A>.<BR>Please send any questions, comments, or concerns to <A href="mailto:newsletters@xxxxxxxx";>newsletters@xxxxxxxx</A><BR></FONT><!-- /subscription management--></FONT><IMG height=8 src="http://www.zdnet.com/b.gif"; width=1></TD> <TD width=12><IMG height=1 src="http://www.cnet.com/b.gif"; width=12></TD> <TD width=1 bgColor=#000000><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD></TR></TBODY></TABLE> <TABLE cellSpacing=0 cellPadding=0 width=612 bgColor=#000000 border=0> <TBODY> <TR> <TD width=1><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD> <TD width=10 bgColor=#ffcc00><IMG height=1 src="http://www.cnet.com/b.gif"; width=10></TD> <TD width=601><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD></TR></TBODY></TABLE> <TABLE cellSpacing=0 cellPadding=0 width=612 bgColor=#ffcc00 border=0> <TBODY> <TR> <TD width=1 bgColor=#000000><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD> <TD width=10><IMG height=1 src="http://www.cnet.com/b.gif"; width=10></TD> <TD width=37><A href="http://clickthru.online.com/Click?q=b5-50FcQ7Ui53eBB_P1P3jT5Z2EPuyR";><IMG height=37 src="http://www.cnet.com/i/dp/smrb.gif"; width=37 border=0></A></TD> <TD noWrap width=563><FONT face="arial, helvetica" size=-1><A href="http://clickthru.online.com/Click?q=ca-iciuQUg1C8x-DTXclLqxOf4HuheR";><FONT color=#000000>Price comparisons</FONT></A> | <A href="http://clickthru.online.com/Click?q=df-1kJhQLE1xjt_ERofbWjQKh-Xx6nR";><FONT color=#000000>Product reviews</FONT></A> | <A href="http://clickthru.online.com/Click?q=f4-Y-XEQ0ssSAU9lD7uUY2-ddUWfXPR";><FONT color=#000000>Tech news</FONT></A> | <A href="http://clickthru.online.com/Click?q=09-joDSIj8csJRxYd1LYkA6ZMJt61iR";><FONT color=#000000>Downloads</FONT></A> | <A href="http://clickthru.online.com/Click?q=1f-rvwqI58Dv4IqtAM1x1-VHo5jRLnR";><FONT color=#000000>All CNET services</FONT></A> </FONT></TD> <TD width=1 bgColor=#000000><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD></TR></TBODY></TABLE> <TABLE cellSpacing=0 cellPadding=0 width=612 border=0> <TBODY> <TR> <TD bgColor=#000000><IMG height=1 src="http://www.cnet.com/b.gif"; width=1></TD></TR> <TR> <TD height=25><FONT face="ms sans serif, geneva" size=-2> <TABLE cellSpacing=2 cellPadding=1 width="100%" border=0> <TBODY> <TR vAlign=bottom> <TD width="75%" height=31> <P></FONT><BR><B><FONT face=Arial, size=2 sans-serif Helvetica,>Copyright 2002 CNET Networks, Inc. All rights reserved. </FONT></B></P></TD> <TD vAlign=top height=31> <DIV align=right><IMG height=1 src="http://gserv-cnet.zdnet.com/clear/outbound.gif?APPID=2&EMID=16733414&NL=e461&ISSUE=2002-02-13"; width=1> </DIV></TD></TR> <TR> <TD colSpan=2><FONT face=Arial, size=2 sans-serif Helvetica,></FONT></TD></TR></TBODY></TABLE></A>.</FONT></TD></TR></TBODY></TABLE></CENTER></TD></TR></TBODY></TABLE></P> <P>Cheers!</P> <P>Ellen<BR><BR></P></BLOCKQUOTE> __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com