HP StorageWorks 2/32 SAN switch 2/32, version 4.0.2b release notes - Page 11

SAN Switch 2/32 Firmware Version 4.0.2b Updates SNMP Enhancements SNMP security updates include: • HP response to the CERT Coordination Center advisory notices VU#854306 and VU#107186. The CERT Coordination Center has issued a broad based alert to the technology industry regarding potential security vulnerabilities identified in SNMP, ranging from unauthorized privileged access, denial of service attacks, or unstable behavior. HP's Fabric OS Version 4.0.x, is based on MontaVista's embedded Linux real-time operating system, and incorporates v15.2 of the SNMP agent from SNMP Research. In response to the advisory, HP has released Fabric OS Version 4.0.2b. Fabric OS Version 4.0.2b and all subsequent versions include the most current patch level of v15.3.1.4 of the SNMP Research agent, which SNMP Research has indicated is not susceptible to the vulnerability described in notes VU#854306 and VU#107186. • SNMP trap recipients have been linked to the Access Control List (ACL). In order for an SNMP Management Station to receive a trap generated by the agent, the administrator must configure a trap recipient to correspond to the IP address of the Management Station using the agtcfgset command. In addition, the trap recipient must be able to pass the ACL check. The ACL check is as follows: There are six ACLs to restrict SNMP get/set/trap operations to hosts under a host-subnet-area. Host-subnet-area is defined by comparing non-zero IP octets. For example, an ACL of '192.168.64.0' allows for access by any hosts that start with the specified octets. The connecting host is enabled to set each host-subnet-area to be read-write or read-only. Highest privilege matched out of six entries is given to the access. The ACL check is turned off when all six entries contain '0.0.0.0'. SAN switch 2/32, version 4.0.2b release notes 11