Hi Ray, We use dbsnmp on the production server. How it will affect us? Our system people sent us the same article to us and very concerned the security.
Joan Ray Stell wrote: > > Oracle does not seem to be listed, but you got to wonder what code > they based their snmp stuff on. You may want to nudge you sysadmin > in the ribs, also. > > ----- Forwarded message from The SANS Institute <[EMAIL PROTECTED]> ----- > > Date: Tue, 12 Feb 2002 12:30:06 -0700 (MST) > To: Ray Stell <[EMAIL PROTECTED]>(SD569668) > > SANS FLASH ALERT: Widespread SNMP Vulnerability > 1:30 PM EST 12 February, 2002 > > To: Ray Stell (SD569668) > > Note: This is preliminary data! If you have additional information, > please send it to us at [EMAIL PROTECTED] > > In a few minutes wire services and other news sources will begin > breaking a story about widespread vulnerabilities in SNMP (Simple > Network Management Protocol). Exploits of the vulnerability cause > systems to fail or to be taken over. The vulnerability can be found in > more than a hundred manufacturers' systems and is very widespread - > millions of routers and other systems are involved. > > As one of the SANS alumni, your leadership is needed in making sure that > all systems for which you have any responsibility are protected. To do > that, first ensure that SNMP is turned off. If you absolutely must run > SNMP, get the patch from your hardware or software vendor. They are all > working on patches right now. It also makes sense for you to filter > traffic destined for SNMP ports (assuming the system doing the filtering > is patched). > > To block SNMP access, block traffic to ports 161 and 162 for tcp and > udp. In addition, if you are using Cisco, block udp for port 1993. > > The problems were caused by programming errors that have been in the > SNMP implementations for a long time, but only recently discovered. > > CERT/CC is taking the lead on the process of getting the vendors to get > their patches out. Additional information is posted at > http://www.cert.org/advisories/CA-2002-03.html > > A final note. > > Turning off SNMP was one of the strong recommendations in the Top 20 > Internet Security Threats that the FBI's NIPC and SANS and the Federal > CIO Council issued on October 1, 2001. If you didn't take that action > then, now might be a good time to correct the rest of the top 20 as well > as the SNMP problem. The Top 20 document is posted at > http://www.sans.org/top20.htm > > ----- End forwarded message ----- > > -- > =============================================================== > Ray Stell [EMAIL PROTECTED] (540) 231-4109 KE4TJC 28^D > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Ray Stell > INET: [EMAIL PROTECTED] > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Joan Hsieh INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
