> ATMSNMPD vulnerable???? Yep! I am challenging anyone out > there to find information on line stating that Sun's > ATMSNMPD is vulnerable to attack. As of today May 13 2002 > there is no information identifying this fact. If you are > running SunATM 4.0 or 5.0 and have not added the patches > below you are vulnerable to attack. Is there sun > documentation identifying the vulnerability and the urgent > need to implement the patch? As of today there is not. http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F107915&zone_32=107915http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F109039&zone_32=109039-09 The patch description doesn't mention what type of vulnerability other than "atmsnmpd crashes due to improper handling of malicious SNMPv1 request PDUs" This is the first time I heard about it myself. Sun should have mentioned this problem in an official security advisory. The patches are also not listed under http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/xos-8&nav=pub-patches which is the "Recommended & Security Patches for Solaris" page. Why is it not on there? I have no clue. I guess it is not a security issue or it isnt a recommended patch. Cheers Emre Yildirim emre@uab.edu | emre.yildirim@us.army.mil
