[pchelpers] SNMP flaw

• From: Ellen M <ejmay@xxxxxxxxx>
• To: pchelpers@xxxxxxxxxxxxx
• Date: Tue, 19 Feb 2002 13:01:55 -0800 (PST)

<P> 
<P>&nbsp; <B><I>Ellen M
&lt;ejmay@xxxxxxxxx&gt;</I></B> wrote: 
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT:
5px; BORDER-LEFT: #1010ff 2px solid">Date: Thu, 14 Feb
2002 13:31:29 -0800 (PST)<BR>From: Ellen M
<EJMAY@xxxxxxxxx><BR>Subject: SNMP flaw<BR>To: <A
href="mailto:pchelpers@xxxxxxxxxxxxx";>pchelpers@xxxxxxxxxxxxx</A><BR><BR>
<P>&nbsp; here's something I found at C|Net 
<P>
<TABLE cellSpacing=0 cellPadding=3 width="100%"
border=0>
<TBODY>
<TR>
<TD vAlign=top bgColor=#ccccff></TD></TR><!-- CC
--><!-- Subject -->
<TR>
<TD vAlign=top bgColor=#333366>
<DIV align=right><FONT face=verdana,tahoma,helvetica
color=#ffffff size=2><B>Subject:</B></FONT></DIV></TD>
<TD vAlign=top bgColor=#ccccff>
<DIV align=left><FONT face=verdana,tahoma,helvetica
size=2><B>CNET: SNMP flaw could disrupt the
Net</B></FONT>&nbsp;<A onmouseover="return hint('Edit
the subject of this message')" onmouseout="return
hint()"
href="javascript:editSubject()"></A></DIV></TD></TR><!--
Message -->
<TR>
<TD vAlign=top bgColor=#ffffff
colSpan=2><OB_CLEANED_BODY bgcolor="#eeeeee">
<CENTER><A href="http://www.onebox.com/m/top";></A><!--
header -->
<TABLE cellSpacing=0 cellPadding=0 width=612
bgColor=#ffffff border=0>
<TBODY>
<TR vAlign=top>
<TD width=442 colSpan=4><IMG height=60 alt="CNET Virus
&amp; Security Newsletter"
src="http://a.r.tv.com/cnet.1d/i/nl/sw/442_viriusHEAD_NEWSLTR.gif";
width=442 border=0><BR>
<TABLE cellSpacing=0 cellPadding=0 width=442
bgColor=#ffcc00 border=0>
<TBODY>
<TR>
<TD bgColor=#000000 colSpan=3><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0><BR></TD></TR>
<TR>
<TD width=1 bgColor=#000000 rowSpan=2><IMG height=10
src="http://home.cnet.com/b.gif"; width=1
border=0><BR></TD>
<TD width=10 rowSpan=2><IMG height=10
src="http://home.cnet.com/b.gif"; width=1
border=0><BR></TD>
<TD width=430><IMG height=10
src="http://home.cnet.com/b.gif"; width=1
border=0><BR></TD></TR>
<TR>
<TD bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0><BR></TD></TR></TBODY></TABLE></TD><!--
Skyscraper column -->
<TD width=160 rowSpan=2><IMG height=18
src="http://home.cnet.com/i/dp/dd_b.gif"; width=160
border=0><BR>
<TABLE cellSpacing=0 cellPadding=0 width=160 border=0>
<TBODY>
<TR>
<TD align=middle bgColor=#eeeeee><IMG height=10
src="http://www.cnet.com/Ads/Media/Images/ad10-dk.gif";
width=120 border=0><BR></TD></TR></TBODY></TABLE><!--
begin standard 160x600 new skyscraper rotation default
--><A target=_top
href="http://clickthru.online.com/Click?q=a2-6-M7QXZeFz23Y-E9R6Q9k_EtOEeR";><IMG
height=600
src="http://ads.zdnet.com/cgi-bin/rad/aami.exe/RGROUP=r2560";
width=160 border=0></A> <!-- end standard 160x600 new
skyscraper rotation default --><BR>&nbsp;<BR><!--
right column content -->&nbsp;<BR></TD>
<TD width=9 rowSpan=2><IMG height=60
src="http://home.cnet.com/i/dp/dd_c.gif"; width=9
border=0><BR>
<TABLE cellSpacing=0 cellPadding=0 width=9 border=0>
<TBODY>
<TR>
<TD bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=9
border=0><BR></TD></TR>
<TR>
<TD bgColor=#ffcc00><IMG height=10
src="http://home.cnet.com/b.gif"; width=9
border=0><BR></TD></TR>
<TR>
<TD bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=9
border=0><BR></TD></TR></TBODY></TABLE></TD>
<TD width=1 bgColor=#000000 rowSpan=2>
<TABLE cellSpacing=0 cellPadding=0 width=1 border=0>
<TBODY>
<TR>
<TD bgColor=#eeeeee><IMG height=60
src="http://home.cnet.com/b.gif"; width=1
border=0><BR></TD></TR></TBODY></TABLE></TD></TR><!--
promo section -->
<TR vAlign=top>
<TD width=1 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD>
<TD width=10 bgColor=#ffcc00><IMG height=1
src="http://home.cnet.com/b.gif"; width=10
border=0><BR></TD>
<TD width=1 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD>
<TD width=430 bgColor=#ffffff>
<TABLE cellSpacing=0 cellPadding=0 width=430
bgColor=#ffffef border=0>
<TBODY>
<TR vAlign=top>
<TD width=10><IMG height=1 alt=""
src="http://home.cnet.com/b.gif"; width=10
border=0><BR></TD>
<TD width=412><IMG height=3
src="http://home.cnet.com/b.gif"; width=1
border=0><BR><IMG height=1
src="http://home.cnet.com/b.gif"; width=10
border=0><FONT face="Arial, Helvetica"
size=-2>February 13, 2002</FONT><BR><IMG height=3
src="http://home.cnet.com/b.gif"; width=1 border=0><BR>
<TABLE cellSpacing=0 cellPadding=0 width=412 border=0>
<TBODY>
<TR vAlign=top>
<TD align=right width=76><IMG height=86
src="http://a.r.tv.com/cnet.1d/i/nl/sw/66x86_robertv.gif";
width=66><BR><FONT face="arial, helvetica"
color=#666666 size=-2>--<A
href="mailto:robert.vamosi@xxxxxxxx";>Robert
Vamosi</A><BR>Virus &amp; Security Guru<BR>CNET
Software and Internet Services</FONT></TD>
<TD width=10>&nbsp;</TD>
<TD><FONT face="Arial, Helvetica"><FONT
color=#333333><B>Dear Readers,</B></FONT><BR><FONT
size=-1>From time to time, this newsletter will focus
on important security issues in addition to its usual
virus topics. As you may have heard, there's a newly
discovered, easily exploited flaw in the Simple
Network Management Protocol (SNMP) that underlies
parts of the Internet. Sound scary? It is, but most of
us won't be directly affected by the glitch. However,
if you use SNMP in a router on your home network,
check with your vendor to see if software updates are
available. I've devoted this week's alert to answering
basic questions about SNMP and its security flaw, so
read on.
</FONT><BR>&nbsp;<BR></FONT></TD></TR></TBODY></TABLE></TD>
<TD width=8><IMG height=1 alt=""
src="http://home.cnet.com/b.gif"; width=8
border=0><BR></TD></TR></TBODY></TABLE><!-- bottom
rule -->
<TABLE cellSpacing=0 cellPadding=0 width=430 border=0>
<TBODY>
<TR vAlign=top>
<TD bgColor=#f7d69c><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=10 width="100%"
border=0>
<TBODY>
<TR>
<TD><FONT face="Arial, Helvetica"><IMG height=19
alt=Alerts
src="http://www.cnet.com/i/nl/sw/HEAD_alerts.psd-1.gif";
width=125 border=0><BR><IMG height=8
src="http://home.cnet.com/i/nl/rule.gif"; width=410
border=0><BR>
<TABLE cellSpacing=0 cellPadding=0 width=93 align=left
border=0>
<TBODY>
<TR>
<TD><A
href="http://clickthru.online.com/Click?q=b7-FOgPQ8JeOqie1qp0N-NIpT5dWNnR";><IMG
height=110
src="http://www.cnet.com/i/tt/col/021302broken.jpg";
width=85 border=0></A></TD></TR></TBODY></TABLE><FONT
face="arial, helvetica"><B>SNMP is vulnerable: should
you care?</B><BR><FONT size=-1>The Computer Emergency
Response Team (CERT), an organization based at
Carnegie Mellon University, warned this week that
users of Simple Network Management Protocol (SNMP) are
vulnerable to attack by malicious users. The
vulnerability could be used to launch denial of
service attacks and buffer overflow errors, which
could then lead to others taking control of the
affected device. While there have been no specific
attacks directed at SNMP, vendors are encouraging
users to update their software and firmware
accordingly. 
<P>By default, Windows users are not at risk. However,
if you have enabled SNMP for any reason, Microsoft
recommends that you disable it until a patch is
available. Here's how: 
<P><B>Windows 95/98/98 SE</B>: Double-click Network in
the Control Panel. If SNMP Agent is listed under
installed components on the Configuration tab, select
and remove it. Additionally, check the following
Registry keys: 
<P>Hkey_local_machine\Software\Microsoft\Windows\CurrentVersion
\RunServices 
<P>and 
<P>Hkey_local_machine\Software\Microsoft\Windows
\CurrentVersion\Run 
<P>for snmp.exe. 
<P><B>Warning:</B> If you are unfamiliar with editing
Registry files, do not attempt to do so without
professional help. 
<P><B>Windows 2000/XP</B>: Right-click My Computer,
then double-click Manage, Services And Applications,
and Services. If SNMP is listed, click it to turn it
off. 
<P><B>Linux:</B> Users of Red Hat Linux should visit
<A target=blank
href="http://clickthru.online.com/Click?q=cc-h4fQQ0O6962NCqW7qlnsozs6mqPR";>this
site</A>. 
<P><B>Macintosh:</B> At present, Mac users are not
affected. 
<P><B>Routers:</B> Users of Cisco routers may refer to
<A
href="http://clickthru.online.com/Click?q=e2-J1OpQhyn6RLiJKqENNIEdiWv5DeR";>this
site</A>. 
<P><IMG height=20 alt=News
src="http://www.cnet.com/i/nl/sw/RHC_news.psd-1.gif";
width=150 border=0><BR><IMG height=8
src="http://home.cnet.com/i/nl/rule.gif"; width=410
border=0><BR><FONT face="arial, helvetica"><B><A
href="http://clickthru.online.com/Click?q=f7-N0QnQLgnmSV1rQHlrcE9iRtIfInR";>SNMP
flaw could disrupt the Net</A></B><BR><FONT
size=-1>Software flaws in a fundamental language of
the Internet could leave the Net's basic
infrastructure in danger of disruption if the holes
are left unpatched, an Internet security watchdog
warned on Tuesday. </FONT>
<P><IMG height=20 alt="Software Mailbag"
src="http://a.r.tv.com/cnet.1d/i/nl/sw/rhc_mail.gif";
width=150 border=0 NOSEND="1"> <IMG height=8
src="http://home.cnet.com/i/nl/rule.gif"; width=410
border=0><BR><FONT face="arial, helvetica"><B>What is
SNMP?</B><BR><FONT size=-1>Basically, Simple Network
Management Protocol (SNMP) manages the exchange of
information between network devices. Hardware devices
such as DSL, cable modems, Wireless Access Points, and
routers all use SNMP. 
<P>Chances are you won't be directly affected by the
CERT warning. Your ISP or corporate IT department will
make any changes necessary. However, we are all
indirectly affected by the advisory and potential
threat. If a malicious user designs an attack using
these SNMP flaws, service on the Internet could be
interrupted. 
<P>For more detailed information, CERT provides this
<A target=blank
href="http://clickthru.online.com/Click?q=0c-_Y3DIc8fFvL-0VfWDEdFqJ-3iiPR";>SNMP
FAQ</A> </FONT><BR><IMG height=5
src="http://home.cnet.com/b.gif"; width=410
border=0><BR></FONT><BR><!-- Dispatch Brick -->
<P><IMG height=20
src="http://home.cnet.com/Ads/Media/Images/RHC_ALSOfromCNETnet.gif";
width=150 border=0 NOSEND="1"> <IMG height=8
src="http://home.cnet.com/i/it/newsletter/rule2.gif";
width=410 border=0 NOSEND="1"><BR>
<TABLE cellSpacing=0 cellPadding=0 width="100%"
border=0>
<TBODY>
<TR vAlign=top>
<TD><FONT face="arial, helvetica" size=-1><B>
<UL>
<LI><A
href="http://clickthru.online.com/Click?q=21-UPROIjdwyZ4Va_YoQI-uj1lT8iiR";>CNET
reviews four <B>low-cost</B> Web hosts </A>
<LI><A
href="http://clickthru.online.com/Click?q=36-wg7-IiIvmTINojaMxgDlQa9n-_rR";>Check
out the top 10 blockbuster products </A>
<LI><A
href="http://clickthru.online.com/Click?q=4b-k_l7IBUpWfUrT9QP9aSl5cb40w9R";>Boost
your career with a new tech job </A>
<LI><A
href="http://clickthru.online.com/Click?q=60-oqItIsElhXwqJJDLNLAAeSJFL0FR";>Building
your own Web site is quick and easy </A>
<LI><A
href="http://clickthru.online.com/Click?q=75-whwtIKUlzc-a8oo_rEyWs7xLBqsR";>ZDNet
Tech Update: HP giving away Blade technology
</A></LI></UL></B></FONT></TD></TR></TBODY></TABLE></P><!--
End Dispatch Brick --><IMG height=8
src="http://home.cnet.com/i/nl/rule.gif"; width=410
border=0><BR></FONT></FONT></FONT></FONT></TD></TR></TBODY></TABLE><!--
Begin search box -->
<CENTER>
<TABLE cellSpacing=0 cellPadding=1 width="90%"
border=0>
<TBODY>
<TR>
<TD bgColor=#cccccc>
<TABLE cellSpacing=0 cellPadding=0 width="100%"
border=0>
<FORM
action=http://home.cnet.com/search/redirector/1,10207,0-0,00.html
method=get>
<TBODY>
<TR vAlign=center align=middle bgColor=#ffffff>
<TD noWrap align=right height=40>&nbsp;</TD>
<TD class=f><FONT face="arial, helvetica"
size=-1><B>Search</B>&nbsp;</FONT></TD>
<TD align=left><INPUT class=f maxLength=255 size=18
name=qt></TD>
<TD>&nbsp;<SELECT name=tg><OPTION value=sw-8888
selected>In Software<OPTION value=nw>All
CNET&nbsp;&nbsp;&nbsp;&nbsp;<OPTION value=wb>The
Web</OPTION></SELECT></FONT> 
<CENTER></CENTER></TD>
<TD>&nbsp;<INPUT class=f type=submit value=" Go! "
name=search>&nbsp; <INPUT type=hidden
value=st.sw.8888.sbsr
name=tt></TD></TR></FORM></TBODY></TABLE></TD></TR></TBODY></TABLE></CENTER><!--
End search box --><IMG height=8
src="http://home.cnet.com/b.gif"; width=1
border=0><BR></TD></TR></TBODY></TABLE><!-- Thin grey
line -->
<TABLE cellSpacing=0 cellPadding=0 width=612 border=0>
<TBODY>
<TR vAlign=top>
<TD width=1 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD>
<TD width=10 bgColor=#ffcc00><IMG height=1
src="http://home.cnet.com/b.gif"; width=10
border=0></TD>
<TD width=1 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD>
<TD width=599 bgColor=#cccccc><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD>
<TD width=1 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=612 border=0>
<TBODY>
<TR vAlign=top>
<TD width=1 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD>
<TD width=10 bgColor=#ffcc00><IMG height=1
src="http://home.cnet.com/b.gif"; width=10
border=0></TD>
<TD width=1 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD>
<TD width=600 bgColor=#000000><IMG height=1
src="http://home.cnet.com/b.gif"; width=1
border=0></TD></TR></TBODY></TABLE><!-- ### footer ###
-->
<TABLE cellSpacing=0 cellPadding=0 width=612
bgColor=#000000 border=0>
<TBODY>
<TR>
<TD width=1><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD>
<TD width=10 bgColor=#ffcc00><IMG height=1
src="http://www.cnet.com/b.gif"; width=10></TD>
<TD width=1><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD>
<TD width=599 bgColor=#cccccc><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD>
<TD width=1><IMG height=1
src="http://www.cnet.com/b.gif";
width=1></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=612
bgColor=#eeeeee border=0>
<TBODY>
<TR>
<TD width=1 bgColor=#000000><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD>
<TD width=10 bgColor=#ffcc00><IMG height=1
src="http://www.cnet.com/b.gif"; width=10></TD>
<TD width=1 bgColor=#000000><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD>
<TD width=12><IMG height=1
src="http://www.cnet.com/b.gif"; width=12></TD>
<TD width=575><IMG height=10
src="http://www.cnet.com/b.gif"; width=1><BR><A
href="http://clickthru.online.com/Click?q=8b-SBGBQY0glE2fYJSEYqIZlDW4Z84R";><IMG
height=18 alt="Sign up for more free newsletters from
CNET!" src="http://a.r.tv.com/cnet.1d/i/nl/ft.gif";
width=375 border=0></A><BR><!-- subscription
management --><FONT face="ms sans serif, geneva"
size=-2>The e-mail address for your subscription
is&nbsp;ejm7@xxxxxxxxxx<BR>To unsubscribe from this
newsletter <A
href="http://clickthru.online.com/Click?q=a0-11a8rWBTc3HksDlBZn2D1PoFg7XM";
NOTRACK>click here</A>.<BR>Please send any questions,
comments, or concerns to&nbsp;<A
href="mailto:newsletters@xxxxxxxx";>newsletters@xxxxxxxx</A><BR></FONT><!--
/subscription management--></FONT><IMG height=8
src="http://www.zdnet.com/b.gif"; width=1></TD>
<TD width=12><IMG height=1
src="http://www.cnet.com/b.gif"; width=12></TD>
<TD width=1 bgColor=#000000><IMG height=1
src="http://www.cnet.com/b.gif";
width=1></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=612
bgColor=#000000 border=0>
<TBODY>
<TR>
<TD width=1><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD>
<TD width=10 bgColor=#ffcc00><IMG height=1
src="http://www.cnet.com/b.gif"; width=10></TD>
<TD width=601><IMG height=1
src="http://www.cnet.com/b.gif";
width=1></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=612
bgColor=#ffcc00 border=0>
<TBODY>
<TR>
<TD width=1 bgColor=#000000><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD>
<TD width=10><IMG height=1
src="http://www.cnet.com/b.gif"; width=10></TD>
<TD width=37><A
href="http://clickthru.online.com/Click?q=b5-50FcQ7Ui53eBB_P1P3jT5Z2EPuyR";><IMG
height=37 src="http://www.cnet.com/i/dp/smrb.gif";
width=37 border=0></A></TD>
<TD noWrap width=563><FONT face="arial, helvetica"
size=-1><A
href="http://clickthru.online.com/Click?q=ca-iciuQUg1C8x-DTXclLqxOf4HuheR";><FONT
color=#000000>Price comparisons</FONT></A> | <A
href="http://clickthru.online.com/Click?q=df-1kJhQLE1xjt_ERofbWjQKh-Xx6nR";><FONT
color=#000000>Product reviews</FONT></A> | <A
href="http://clickthru.online.com/Click?q=f4-Y-XEQ0ssSAU9lD7uUY2-ddUWfXPR";><FONT
color=#000000>Tech news</FONT></A> | <A
href="http://clickthru.online.com/Click?q=09-joDSIj8csJRxYd1LYkA6ZMJt61iR";><FONT
color=#000000>Downloads</FONT></A> | <A
href="http://clickthru.online.com/Click?q=1f-rvwqI58Dv4IqtAM1x1-VHo5jRLnR";><FONT
color=#000000>All CNET services</FONT></A>
</FONT></TD>
<TD width=1 bgColor=#000000><IMG height=1
src="http://www.cnet.com/b.gif";
width=1></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=612 border=0>
<TBODY>
<TR>
<TD bgColor=#000000><IMG height=1
src="http://www.cnet.com/b.gif"; width=1></TD></TR>
<TR>
<TD height=25><FONT face="ms sans serif, geneva"
size=-2>
<TABLE cellSpacing=2 cellPadding=1 width="100%"
border=0>
<TBODY>
<TR vAlign=bottom>
<TD width="75%" height=31>
<P></FONT><BR><B><FONT face=Arial, size=2 sans-serif
Helvetica,>Copyright 2002 CNET Networks, Inc. All
rights reserved. </FONT></B></P></TD>
<TD vAlign=top height=31>
<DIV align=right><IMG height=1
src="http://gserv-cnet.zdnet.com/clear/outbound.gif?APPID=2&amp;EMID=16733414&amp;NL=e461&amp;ISSUE=2002-02-13";
width=1> </DIV></TD></TR>
<TR>
<TD colSpan=2><FONT face=Arial, size=2 sans-serif
Helvetica,></FONT></TD></TR></TBODY></TABLE></A>.</FONT></TD></TR></TBODY></TABLE></CENTER></TD></TR></TBODY></TABLE></P>
<P>Cheers!</P>
<P>Ellen<BR><BR></P></BLOCKQUOTE>

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com

• Follow-Ups:
  • [pchelpers] Re: SNMP flaw
    • From: John Durham

Other related posts:

• » [pchelpers] SNMP flaw
• » [pchelpers] Re: SNMP flaw

1. Home
2. pchelpers
3. Archive
4. 02-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---