Cisco Support Community
New Member

multiple vulnerabilities in implementations of SNMP protocol

Reference: CERT Advisory CA-2002-03

Hi, are there any existing/new signatures that would detect these attacks?

Thanks.

4 REPLIES
Cisco Employee

Re: multiple vulnerabilities in implementations of SNMP protocol

The Cisco IDS Active Update Bulletin #20 was sent out today to announce the release of 3.0(4)S16 Service Pack which fixes an issue with the sensor appliance, and the 3.0(4)S17 Signature Update which contains a signature to monitor for the attack.

Both are available at:

ftp://ftp-eng.cisco.com/csids-sig-updates/S16/

and

ftp://ftp-eng.cisco.com/csids-sig-updates/S17/

They will be posted to CCO as soon as possible, and may already have been posted.

New Member

Re: multiple vulnerabilities in implementations of SNMP protocol

I found the S16 service packs. The S17 updates do not seem to be there yet. I will try again later today. Thanks very much for the fast response!

Cisco Employee

Re: multiple vulnerabilities in implementations of SNMP protocol

The updates are available again. They were temporarily pulled because we have discovered a False Positive situation with the SNMP signature as shipped in 3.0(4)S17. We felt that the situation was better served by having a noisy signature rather than no signature and have made the update available again. We are in the middle of the build of 3.0(5)S17 that will fix the noisy signature. This should be available later today or early tomorrow. A general announcement will be posted and emailed to the mailing list at that time.

The 3.0(5)S17 update should be applicable to either 3.0(4)S16 or 3.0(4)S17, so you can decide whether or not to apply 3.0(4)S17.

Scott Cothrell

New Member

Re: multiple vulnerabilities in implementations of SNMP protocol

I got the S17 updates. Will watch for the announcement tomorrow. Thanks!
