I asked APCC about the vulnerabilities in their software having read about them in this and other forums (fora?), and initially received a reply saying they were working on it, and they took the problem seriously. Today I received a report that new software was available in beta. Those of you who are exposed to the DoS-ability of your UPS units might want to see if you can get hold of this beta. Reply quoted below, stripped of personal information. Paul /* My parachute came with a "lifetime" warranty. Why am I'm not reassured ? */ ---------- Forwarded message ---------- Date: Tue, 24 Nov 1998 17:50:05 -0500 Subject: APC PowerNet SNMP Adapter Security Issues - Beta Firmware Available Paul, The protocol stack fixes for the SNMP Adapter are complete. We are Beta testing the new firmware changes during the next several weeks. The SNMP Adapter v3.0.2.b can now successfully survive the following attacks: Ping of Death, Nestea, Bonk, Jolt, Land, Newtear, Syndrop, Teardrop, Winnuke I would like you to help ensure that we have resolved the vulnerabilities that you have described in your previous e-mails by beta testing the new firmware. If you are interested in helping us verify the new firmware, please let me know. Regards, -snip - American Power Conversion 1-800-788-2208 -snip - -snip -
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:17 PDT