On Thu, 14 Feb 2002, dean browett wrote: > When can I expect to be able to get a pkg for the recent snmp > vulnerability disclosure or can someone point me in the direction of > another source?
I executed "/usr/sbin/snmpd -V" on my RaQ 4 and got the following. cmu-snmp for Linux v3.7; Jul 1999 http://www.gaertner.de/snmp/ -- The Linux CMU SNMP Project (compiled without IPX support) The CERT advisory that was released on Tuesday did not mention the CMU SNMP Project in the vendor list. So I went to the URL above and it said that the CMU SNMP Project has been discontinued. It recommends switching to NET-SNMP (aka UCD-SNMP). I think that if Cobalt is going to patch the service we'll end up getting a completely different SNMP agent, which is likely to push the release date of the package. I was using MRTG, which uses SNMP, to monitor bandwidth usage on the two Cobalt's we have, but I have turned off SNMP after read the advisory, which is what I recommend we all do until Cobalt advises us. -- Matt Barton Webexcellence [EMAIL PROTECTED] Phone: 317.423.3548 x22 Fax: 317.423.8735 www.webexc.com _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
