Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP

[Cynthia Brown <cynthb () nortelnetworks com>]

RE: Bugtraq archives at http://online.securityfocus.com/archive/1/267627

This vulnerability was addressed during Nortel Networks' response to 
CERT Advisory CA-2002-03 (Multiple Vulnerabilities in Many 
Implementations of SNMP).

Product Bulletin No. DB022002-1, Issue 3 advises that a software code 
update (patch) has been issued for Version 3.6.3P25, and recommends an 
upgrade from 3.6.3P24 to that version. The bulletin also gives 
recommended mitigating practices in case an immediate upgrade is not 
possible.

For a comprehensive overview of all Nortel Networks products and their 
status with respect to CERT Advisory CA-2002-03 please go to 
http://www.nortelnetworks.com/corporate/technology/snpmv1.html .

Product Bulletin No. DB022002-1, Issue 3 may be obtained by contacting 
Nortel Networks Global Technical Support:

North America: 1-800-4-NORTEL, or (1-800-466-7835)

Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907 9009

Contacts for other regions are available at
http://www.nortelnetworks.com/help/contact/global .