On Tuesday 17 Feb 2004 6:23 pm, thiago.vazquez@light.com.br wrote: > We have many products from APC and we've tested that vulnerability in some > of them and ..... following are the results. [ snip ] According to a Matias Kvaternik at APC (US) today, the bug was discovered after the AP9606 was discontinued (we bought some less than one year ago), and the engineering team has "no fix in the pipeline". He advises us to switch off telnet access. I would imagine most APC products are installed to last for a good three to six years - upgrading power hardware is probably about as practical as upgrading a load of networking equipment. I'm surprised, indeed disappointed, that APC doesn't appear to provide critical security fixes for these discontinued products; although I do only speak from very limited experience of APC. James Green
