NetScreen Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Not Affected

Vendor Statement

      NetScreen's Global PRO and Global PRO Express do not have an SNMP agent or
      manager and are not sensitive to the issues raised in VU#107186
      (CAN-2002-0012), "Multiple vulnerabilities in SNMP v1 trap handling". No
      change in behavior or operation is required.

      NetScreen determined that the SNMP agent within all versions of ScreenOS
      is sensitive to certain of the issues  described in VU#854306
      (CAN-2002-0013), "Multiple vulnerabilities in SNMP v1 request handling".
      These vulnerabilities can in certain circumstances be exploited to produce
      a denial of service.  These vulnerabilities cannot be used to gain
      management control of the device.

      NetScreen has developed and tested maintenance releases of ScreenOS
      software that address these vulnerabilities. All NetScreen security
      appliances and systems shipped from NetScreen after Wednesday 13 February
      2002 have software pre-installed at the factory that addresses these
      vulnerabilities. Customers may download maintenance releases from the
      NetScreen support web site (http://www.netscreen.com/support/ ).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.