Foundry have responded to the advisory quickly, and will be releasing patched firmware soon (as in the next few hours, and probably by the time you read this - I already have it). Stable firmware will be available via the Foundry support web site in less than two weeks. See http://www.foundrynet.com/bugTraq.html for the latest news on this issue. This page also points out some reasonable steps you can take to reduce the risk of remote management whilst using your Foundry devices. For those Foundry owners who are interested, native ssh access to the Foundry switches is apparently available as an add-on product. As many of you know, ssh reduces the risk of remote management by not using clear text for important secrets such as passwords and configuration details. I recommend all Foundry owners to contact their vendor or use their support details to obtain this important add-on. I wish to thank Chandra Kopparapu, Foundry's Product Marketing Manager for layer 4-7 switches for his prompt response to this issue. Andrew van der Stock, Security Architect e-Secure Pty Ltd "Secure in a Networked World" Phone: 02 9438 4984 Fax: 02 9438 4986 Suite 201, 2-4 Pacific Hwy, Mobile: 0412 532 963 St. Leonards NSW 2065 Australia http://www.e-Secure.com.au/ ACN 086 248 419 e-mail:A.vanderStock@e-Secure.com.au
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:41 PDT