NetBSD Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Not Affected

Vendor Statement

NetBSD does not ship with any SNMP tools in our 'base' releases. We do provide optional `packages' which provide various support for SNMP. These packages are not installed by default, nor are they currently provided as an install option by the operating system installation tools. A system administrator/end-user has to manually install this with our package management tools.

These SNMP packages include:

netsaint-plugin-snmp-1.2.8.4 SNMP monitoring plug-in for netsaint

p5-Net-SNMP-3.60 perl5 module for SNMP queries

p5-SNMP-3.1.0 Perl5 module for interfacing to the UCD SNMP library

p5-SNMP_Session-0.83 perl5 module providing rudimentary access to remote SNMP agents

ucd-snmp-4.2.1 Extensible SNMP implementation (conflicts with ucd-snmp-4.1.2)

ucd-snmp-4.1.2 Extensible SNMP implementation (conflicts with ucd-snmp-4.2.1)

We do provide a software monitoring mechanism called 'audit-packages', which allows us to highlight if a package with a range of versions has a potential vulnerability, and recommends that the end-user upgrade the packages in question.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.