IBM Corporation Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Affected

Vendor Statement

      The AIX operating system is susceptible to the vulnerabilities
      tested for by the Oulu University PROTOS test suite for all
      levels of AIX 4.3.x prior to level 4.3.3.51, and AIX 5.1 prior
      to level 5.1.0.10. APARs were developed and made available last
      year that closed the vulnerabilities looked for by the test suite.
      For 4.3.x, the relevant APAR is #IY17630; for 5.1, the appropriate
      APAR is #IY20943.

      To see if your version and level of AIX is vulnerable, enter the
      command:

                      lslpp -l bos.net.tcp.client

      If the "Level" stated is lower than those given above, your
      system is vulnerable, and you are urged to apply the appropriate
      APAR.

      AIX versions prior to 4.3 are also vulnerable, but these versions
      are no longer supported by IBM.

      To remain consistent with IBM's standing agreement with our customers who
      use zOS and OS/400, IBM asks that these customers contact IBM Service
      for information regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Please note that this vendor statement is for AIX only. That is, it does NOT cover the SNMP agents that may ship in any products other than Tivoli NetView.

If you have feedback, comments, or additional information about this vulnerability, please send us email.