Inktomi Corporation Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      All releases of Inktomi Traffic Server and Inktomi Media-IXT prior to
      version 5.2 are vulnerable, releases after 5.2 are not vulnerable.  A
      software patch is available to close the vulnerability.  Download and
      installation instructions are available at:
      ftp://traffic_swul:!nc0ming@support.inktomi.com/CA-2002-03/README

      Traffic Server deployed as part of the Inktomi Content Networking
      Platform 1.0 is also vulnerable, and should be immediately updated to
      v1.1 or 1.1.1.  Inktomi CNP customers can get the 1.1.1 release from
      http://downloads.inktomi.com.

      Other Inktomi Products:
      Inktomi CDS is not vulnerable.  CDS is safe because it does not listen
      for SNMP requests. Inktomi Enterprise Search is also not vulnerable,
      because it does not include any SNMP. Finally, Inktomi Media
      Distribution Network is also safe because it does
      not include any SNMP.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.