IBM Corporation Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
The AIX operating system is susceptible to the vulnerabilities
tested for by the Oulu University PROTOS test suite for all
levels of AIX 4.3.x prior to level 18.104.22.168, and AIX 5.1 prior
to level 22.214.171.124. APARs were developed and made available last
year that closed the vulnerabilities looked for by the test suite.
For 4.3.x, the relevant APAR is #IY17630; for 5.1, the appropriate
APAR is #IY20943.
To see if your version and level of AIX is vulnerable, enter the
    lslpp -l bos.net.tcp.client
If the "Level" stated is lower than those given above, your
system is vulnerable, and you are urged to apply the appropriate
AIX versions prior to 4.3 are also vulnerable, but these versions
are no longer supported by IBM.
To remain consistent with IBM's standing agreement with our customers who
use zOS and OS/400, IBM asks that these customers contact IBM Service
for information regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please note that this vendor statement is for AIX only. That is, it does NOT cover the SNMP agents that may ship in any products other than Tivoli NetView.
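The level check described in the vendor statement above can be scripted. This is an added example, not code from IBM or from this advisory; the function names, the sample lslpp output, and the fixed level 5.1.0.15 are constructed for illustration and are not the levels the statement gives. It compares levels field by field, because a plain string comparison would rank 5.1.0.9 above 5.1.0.15.

```shell
# Added example (not IBM's code). Sample output and fixed level are constructed.

# level_lt A B: return 0 if dotted level A is strictly lower than B,
# comparing each of the four fields numerically.
level_lt() {
    a=$1 b=$2 i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1    # levels are equal
}

# check_fileset FILESET FIXED_LEVEL: reads `lslpp -l FILESET` output on stdin.
# Returns 0 if every listed row is at or above FIXED_LEVEL, 1 if any row is
# lower, 2 if the fileset does not appear in the input at all.
check_fileset() {
    fs=$1 fixed=$2 rc=0 seen=0
    for lvl in $(awk -v fs="$fs" '$1 == fs { print $2 }'); do
        seen=1
        if level_lt "$lvl" "$fixed"; then
            echo "$fs $lvl: below $fixed, apply the APAR"
            rc=1
        else
            echo "$fs $lvl: at or above $fixed"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "$fs: not found in lslpp output"; return 2; }
    return "$rc"
}

# Constructed sample in the layout `lslpp -l` prints (one row per object repository).
SAMPLE='  Fileset                      Level  State      Description
  ----------------------------------------------------------------------------
Path: /usr/lib/objrepos
  bos.net.tcp.client         5.1.0.9  COMMITTED  TCP/IP Client Support
Path: /etc/objrepos
  bos.net.tcp.client         5.1.0.9  COMMITTED  TCP/IP Client Support'

printf '%s\n' "$SAMPLE" | check_fileset bos.net.tcp.client 5.1.0.15 || true
```

On a live system, pipe the real command into the function, using the fixed level for your release: `lslpp -l bos.net.tcp.client | check_fileset bos.net.tcp.client <fixed level>`.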