KarlNet Inc. Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      Karlnet Advisory:
      SNMPv1 Implementation Vulnerabilities in Karlnet Products
      Revision 1.0
      Revision Date: 14 March 2002

      I  Vulnerabilities Found

      Preliminary test results have indicated multiple Karlnet products exhibit certain vulnerabilities to SNMP messages.
      Some of these vulnerabilities can be exploited, resulting in a denial of service or service interruption.

      These results have not indicated any vulnerability that will allow an attacker to gain access to the affected device.

      II. Solution

      In response to CERTŪ Advisory CA-2002-03 Multiple Vulnerabilities in Many
      Implementations of the Simple Network Management Protocol (SNMP),
      Karlnet Inc. has detected and repaired all of the inconsistencies found by
      CERT Tests  in our SNMP implementation.  We have ensured that all
      vulnerabilities found, using test suite, PROTOS c-06-SNMPv1, have 
      been corrected and implemented in all versions of Karlnet Software 4.01 or greater.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.