Tivoli/IBM products
 
Tivoli/IBM products have been evaluated for this vulnerability. For further information on this alert, please refer to the CERT Advisory: www.cert.org/advisories/CA-2002-03.html.

Tivoli has identified the following products that implement SNMP v1:

- Tivoli NetView for UNIX
- Tivoli NetView for Windows
- Tivoli NetView Mid-Level Manager (MLM)
- Tivoli Comprehensive Network Address Translator (CNAT)
- Tivoli NetView for OS/390
- Tivoli Enterprise Console SNMP Adapter
- Tivoli Storage Network Manager
- Tivoli Risk Manager

PREVENTION
As an interim step customers should be directed to secure their networks so as to prevent SNMP access from unknown sources. The CERT advisory contains substantial information on this topic under the heading of "Ingress Filtering".

The following products have been identified as having potential exposure:

This information is current as of March 29, 2002.

Identified Loss of Service
The following products have been identified as containing issues that can result in loss of service:

- Tivoli Comprehensive Network Address Translator (CNAT)

DETAILS
This product is vulnerable to a temporary loss of service of the AIX system, which causes a loss of connectivity to the portion of the network relying on the CNAT system for NAT routing.

VULNERABILITY
If Tivoli CNAT encounters certain malformed SNMP data in one of these packets, a loss of service of the AIX system will occur.

STATUS
A fix is available (See the section on 'Fix Locations' below).

- Tivoli Enterprise Console SNMP Adapter

DETAILS
The Tivoli Enterprise Console SNMP Adapter is vulnerable to a loss of service when subjected to certain SNMP get requests or traps.

VULNERABILITY
Loss of service of the Tivoli Enterprise Console SNMP Adapter will occur.

STATUS
A fix is currently being tested and will be released.

- Tivoli NetView for UNIX and Windows

DETAILS
Tivoli NetView for UNIX and Tivoli NetView for Windows are vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

VULNERABILITY
When an overflow condition occurs, a loss of service of the trapd daemon (UNIX) or service (NT) will occur, and a restart of the NetView server will be required.

STATUS
A fix is available (See the section on 'Fix Locations' below).

- Tivoli NetView Mid-Level Manager (MLM) Agent for Solaris, HPUX, Windows, DEC and AIX

DETAILS
The Tivoli NetView Mid-Level Manager (MLM) on Solaris, HPUX, Windows, DEC and AIX (Version 7.1 and earlier) is vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

VULNERABILITY
Loss of service of the MLM will occur.

STATUS
A fix is available (See the section on 'Fix Locations' below) for all Operating Systems with the exception of HPUX. MLM HPUX is still under test.

- Tivoli NetView for OS/390 Version 1.2, 1.3, and 1.4

DETAILS
An ABEND can occur in the E/AS (Event Automation Services) Trap-to-Alert adapter when the Enterprise Object Identification (OID) is very large.

VULNERABILITY
In Event Automation Services, if the trap is too large (on the order of thousands of bytes), you may overrun the buffers tracing data. The remainder of the NetView services remains functioning.

STATUS
A fix is available. Tivoli NetView for OS/390 customers are to order the PTF(s) for APAR OW53540. This PTF is not available for download on this site. Rather, please obtain the PTF through IBMLINK (for subscribers), http://techsupport.services.ibm.com/server/fixes, or the IBM Support center.
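
An added example, not IBM or Tivoli code: a bounds-checked pre-parser for SNMPv1 trap datagrams, showing the length checks a trap receiver needs before it copies fields such as the enterprise OID into fixed buffers. `MAX_OID_BYTES`, the function names and the sample trap are assumptions made for illustration.

```python
MAX_OID_BYTES = 128   # assumed local policy limit, not a value from the advisory
class MalformedSNMP(ValueError):
    """Datagram failed a structural check and should be dropped."""

def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos), bounds-checked."""
    if pos + 2 > len(buf):
        raise MalformedSNMP("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise MalformedSNMP("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):        # a child may never claim more than its parent holds
        raise MalformedSNMP("declared length exceeds enclosing data")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag, name):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise MalformedSNMP(f"unexpected tag for {name}")
    return value, nxt

def check_v1_trap(datagram):
    """Return the enterprise OID length in bytes, or raise MalformedSNMP."""
    msg, end = expect(datagram, 0, 0x30, "message")
    if end != len(datagram):
        raise MalformedSNMP("trailing bytes after message")
    version, pos = expect(msg, 0, 0x02, "version")
    if version != b"\x00":             # INTEGER 0 identifies SNMPv1
        raise MalformedSNMP("not SNMPv1")
    _community, pos = expect(msg, pos, 0x04, "community")
    pdu, _ = expect(msg, pos, 0xA4, "Trap-PDU")
    oid, _ = expect(pdu, 0, 0x06, "enterprise OID")
    if len(oid) > MAX_OID_BYTES:
        raise MalformedSNMP("oversized enterprise OID")
    return len(oid)

def tlv(tag, value):                   # encoder used only to build the constructed sample
    n = len(value)
    head = bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + value

def sample_trap(oid=bytes.fromhex("2b0601040102")):   # constructed: OID 1.3.6.1.4.1.2
    pdu = (tlv(0x06, oid) + tlv(0x40, bytes([192, 0, 2, 1])) + tlv(0x02, b"\x06")
           + tlv(0x02, b"\x01") + tlv(0x43, b"\x00") + tlv(0x30, b""))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + tlv(0xA4, pdu))
```

A receiver would call `check_v1_trap` on each datagram and drop and log anything that raises `MalformedSNMP` before handing the data to the real decoder.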

- Tivoli Risk Manager

DETAILS
The Tivoli Risk Manager utilizes the Tivoli Enterprise Console SNMP Adapter, which is vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

VULNERABILITY
Loss of service to the Tivoli Enterprise Console SNMP Adapter will impact the visibility of Tivoli Risk Manager in identifying events being sent from Cisco Routers.

STATUS
A fix is currently being tested and will be released.

- Tivoli Storage Network Manager

DETAILS
This condition only affects TSNM's ability to monitor outband events via SNMP traps. TSNM is capable of managing SANs via both outband mechanisms (SNMP queries to FC switches for topology discovery, and received SNMP traps for outband event detection) and inband mechanisms (managed hosts connected to the SAN via FC HBAs for topology and attribute discovery, and inband FC event detection). Outband discovery, inband discovery, and inband event detection are not affected by this condition.

VULNERABILITY
Loss of ability to detect SNMP traps via outband mechanism.

STATUS
This will be fixed in the next version of TSNM.

PREVENTION
In addition to the prevention noted above, customers should configure at least one Windows or SUN managed host per SAN to allow inband detection of SAN events.

FIX LOCATIONS
In addition to service fixes located on this site (See NetView for OS/390 for details on obtaining the PTF), the patches are available at ftp://ftp.tivoli.com/support/Support_Notes/SecurityBulletins/.

Tivoli Comprehensive Network Address Translator (CNAT)

PRODUCT NAME | AVAILABLE DOWNLOAD FILES
Tivoli Comprehensive Network Address Translator (CNAT) | README FIX

Tivoli NetView for UNIX and Tivoli NetView for Windows

PRODUCT NAME | AVAILABLE DOWNLOAD FILES
Version 1.2.2 | README FIX
NetView V6.0.3 for Solaris | README FIX
NetView V6.0.3 for Windows NT | README FIX
NetView V7.1 for AIX | README FIX
NetView V7.1 for Solaris | README FIX
NetView V7.1 for Windows NT | README FIX

Tivoli NetView Mid-Level Manager (MLM) Agent for AIX, Digital UNIX, HPUX, Solaris, and Windows

PRODUCT NAME | AVAILABLE DOWNLOAD FILES
AIX - NetView MLM Version 5.0.9 | README FIX
AIX - NetView MLM Version 7.1.3 | README FIX
Digital UNIX - NetView MLM Version 5.0.9 | README FIX
HPUX - NetView MLM Version 5.0.9 | not yet available
Solaris - NetView MLM Version 5.0.9 | README FIX
Solaris - NetView MLM Version 7.1.3 | README FIX
Windows NT/2000 - NetView MLM Version 5.1.7 | README FIX
Windows NT/2000 - NetView MLM Version 7.1.3 | README FIX

Tivoli NetView for OS/390 Version 1.2, 1.3, and 1.4

VERSION | PTF #
V1R2 | PTF UW87016
V1R3 English | PTF UW87017
V1R3 Japanese | PTF UW87018
V1R4 English | PTF UW87019
V1R4 Japanese | PTF UW87020

Questions
For any questions, please contact your local call center or open a PMR through the online support page http://www-3.ibm.com/software/support/probsub.html

Updated May 20, 2002

 

