FUJITSU


Vulnerability Problem of SystemWalker/IP NetMGR May 9th, 2002

This bulletin provides security information about problems reported to CERT/CC, the coordination center, or detected by Fujitsu's own examination as of the published date.

Products developed by third parties may be included as subject products. Information about such third party products may be exactly the same as provided by the respective third party.

The contents of this bulletin are provided "AS IS" without warranties of any kind, either express or implied (including, without limitation, any implied warranty of merchantability, fitness for a particular purpose and non-infringement). In no event shall Fujitsu be liable for any direct, indirect, special, incidental, consequential, punitive, or any other damages of any kind, including, without limitation, loss of profits and loss of data incurred by a customer arising out of, or in connection with, the use or non-use of any information in this bulletin, even if Fujitsu has been advised of the possibility of such damages.

The information contained in this bulletin will be updated from time to time without notice. Therefore, all customers are advised to always ascertain the latest information. In case of redistribution of this security bulletin, the full text of this statement shall be reproduced.



[Outline]
Problem: SystemWalker/IP NetMGR contains security problems regarding the advisory of multiple vulnerabilities in the SNMPv1 implementation.
Manufacturer: Fujitsu Limited
Corresponding products: SystemWalker/IP NetMGR-M 5.2, SystemWalker/IP NetMGR-A 5.2, SystemWalker/IP NetMGR-M 10.0, SystemWalker/IP NetMGR-A 10.0
Corresponding system: GP7000F, PRIMEPOWER, GP-S
Impact: System administrator privileges could be gained by unauthorized users.
Method to temporarily avoid the problem: See 4.
Patch: Existing. (For the patches provided, see 5.)


1. Background

According to CERT Advisory CA-2002-03, multiple vulnerabilities in SNMPv1 implementations have previously been reported.
In SystemWalker/IP NetMGR, a security problem was found in the process of receiving SNMP traps.
This problem may allow unauthorized users to gain system administrator privileges.


2. Range of corresponding system(s)

| Corresponding command/file | Products | Target OS |
|---|---|---|
| /opt/FJSVipm/lib/libipmsnmp.so | SystemWalker/IP NetMGR-M | Solaris 2.6/ 7/ 8 |
| /opt/FJSVipmtr/lib/libipmsnmptr.so | SystemWalker/IP NetMGR-M | Solaris 2.6/ 7/ 8 |
| /opt/FJSVipmtr/lib/libcipmtr.so | SystemWalker/IP NetMGR-M | Solaris 2.6/ 7/ 8 |
| /opt/FJSVipm/lib/libipmsnmp.so | SystemWalker/IP NetMGR-A | Solaris 2.6/ 7/ 8 |
| /opt/FJSVipmtr/lib/libipmsnmptr.so | SystemWalker/IP NetMGR-A | Solaris 2.6/ 7/ 8 |
| /opt/FJSVipm/lib/libcipmtr.so | SystemWalker/IP NetMGR-A | Solaris 2.6/ 7/ 8 |


3. Detected problem(s)

A security problem in receiving SNMP traps may allow unauthorized users to gain system administrator privileges.


4. Method to temporarily avoid the problem

It is recommended to use firewalls so that the SLM manager and TRAP server run in a trusted network. In the firewall settings, block the UDP ports 161 and 162 used by SNMP.
In such an environment, only limited users in an intranet can exploit the vulnerabilities.
If you cannot apply this method immediately, the vulnerabilities can be avoided by the following method. However, some SystemWalker/IP NetMGR functions become unavailable.

Execute the following command on the SLM manager and TRAP server:

# /opt/FJSVipmtr/bin/stopipmtr

After this, the process to receive SNMP traps is disabled.
Effect on system operation: Monitoring by SNMP traps is not possible.
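
One way to confirm the workaround took effect is to check that nothing is still bound to the SNMP trap port. The script below is an added example, not part of the Fujitsu bulletin; it assumes the trap receiver binds the standard trap port UDP 162, and its function names and sample netstat output are constructed for illustration. It goes slightly beyond the Solaris case by also accepting Linux netstat -uln lines.

```shell
#!/bin/sh
# Added example: confirm that stopping the trap receiver closed UDP 162.
# Assumption: the trap receiver binds the standard SNMP trap port, UDP 162.

# Read netstat output on stdin; print each SNMP port (161, 162) that is bound.
# Accepts Solaris "netstat -an -P udp" lines (local address in column 1,
# "addr.port") and Linux "netstat -uln" lines (column 4, "addr:port").
snmp_udp_listeners() {
    awk '
        { addr = ($1 ~ /^udp/) ? $4 : $1 }
        addr ~ /[.:](161|162)$/ {
            port = addr
            sub(/.*[.:]/, "", port)   # keep only the text after the last separator
            seen[port] = 1
        }
        END {
            if (seen["161"]) print 161
            if (seen["162"]) print 162
        }'
}

# Succeeds (exit 0) only when nothing is bound to UDP 162.
trap_port_closed() {
    ! snmp_udp_listeners | grep -qx 162
}

# Constructed samples in Solaris netstat format (not captured from a real host).
# The *.1162 line checks that look-alike port numbers are not miscounted.
SAMPLE_BEFORE='UDP: IPv4
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.161                                 Idle
      *.162                                 Idle
      *.1162                                Idle'

SAMPLE_AFTER='UDP: IPv4
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.161                                 Idle
      *.1162                                Idle'

if printf '%s\n' "$SAMPLE_BEFORE" | trap_port_closed; then
    echo "before: UDP 162 not bound"
else
    echo "before: UDP 162 still bound"
fi
if printf '%s\n' "$SAMPLE_AFTER" | trap_port_closed; then
    echo "after: UDP 162 not bound, trap reception is off"
fi
# On a real Solaris host: netstat -an -P udp | trap_port_closed
```

UDP 161 may remain bound by the host's own SNMP agent after the trap receiver is stopped, which is why the firewall rule above covers both ports.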


5. Patch information

  • Contents of modification
    A modification was made for the security problem in receiving SNMP traps. (See "3. Detected problem(s)")

| Products | Target OS | Package name | Package ID |
|---|---|---|---|
| SystemWalker/IP NetMGR-M 10.0 | Solaris | FJSVipm | 911836G-02 |
| SystemWalker/IP NetMGR-M 10.0 | Solaris | FJSVipmtr | 911837G-02 |
| SystemWalker/IP NetMGR-A 10.0 | Solaris | FJSVipm | 911838G-02 |
| SystemWalker/IP NetMGR-A 10.0 | Solaris | FJSVipmtr | 911839G-02 |

Remarks:
The patches 911836G-01/911837G-01/911838G-01/911839G-01 do not resolve the vulnerabilities in the SNMPv1 implementation under the following conditions:

  1. SystemWalker/IP NetMGR and SystemWalker/CentricMGR are running on the same machine.
    and
  2. This machine receives SNMP-TRAP directly.

If both of the above conditions are true, apply the following patches: 911836G-02/911837G-02/911838G-02/911839G-02.

To obtain the patches, please contact a Fujitsu system engineer.


6. Revision history

  • May 7th, 2002: 5th edition
    • Changed "Patch ID".
    • Deleted the following file from "Corresponding command/file".
      /opt/FJVipmtr/bin/ipmTrSrv
    • Deleted the following article from "Remarks".
      A patch to solve the problem mentioned above is being prepared.
  • April 24th, 2002: 4th edition
    • Changed "Range of corresponding system(s)".
    • Added "Remarks".
  • March 15th, 2002: 3rd edition
    • Added the patch list to 5.
    • Patch: Existing (For the patches provided, see 5.)
    • Added "5. Patch information"
    • Changed "Number", "Published", and "Revised"
  • March 05th, 2002: 2nd edition
    • Changed "Title", and "Problem"
    • Added "Effect on system operation" to 4.
  • February 18th, 2002: Initial release