Security Hole In SNMP

wiredog writes: "From ZDNET comes the news that there is apparently a serious security flaw in the Simple Network Management Protocol, used to control routers and other network devices." An anonymous reader points to the CERT advisory as well.

What is the flaw?

[Apreche]

Once again a security flaw is found, but nobody tells anyone what the security flaw is. While they take there time to fix it, crackers are hard at work trying to figure out what it is and how to exploit it. If they told everyone what it is right away, there would be a patch and the problem would be solved before any bad stuff happened.
MS has the same policy that these guys do. One day MS is going to get hacked while they take their time writing a patch, maybe then they'll wake up.

Re:What is the flaw?

[kindbud]

No one else is required to be logical and consistent, so why should I? Eat my ass, butt pirate!!!

not quite

[jon_c]

You'll notice that Microsofts response was to turn off the SNMP service until they get a patch ready.

-Jon

Fucking LAZY Vendors

[fanatic]

Christ, I've got 20+ Cisco routers and 40+ plus Cisco switches and EVERY GODDAMN ONE is vulnerable, including ones we installed in August. It's gonna take weeks to test new versions of software and then install it. And all because the fucking vendors are so goddamn lazy. The causes and solutions for buffer overflows have been available for YEARS. What are these assholes doing with all the money they extort from us?

One thing this does prove is the complete fallacy of trusting "professionally" written proprietary software. Cisco and Microsoft make more money than God and they are BOTH vulnerable to this crap.