Unisphere Networks Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
CUSTOMER SERVICE TECHNICAL BULLETIN
SUBJECT: CERT Advisory CA-2002-03: Vulnerability in SNMP
BULLETIN NUMBER: ERX_PSN-005
BULLETIN TYPE: Product Support Notification
AFFECTED PRODUCTS: ERX
ISSUE DATE: 03/08/2002
The CERT ® Coordination Center released an advisory on February 12,
2002 entitled, "CERT ® Advisory CA-2002-03 Multiple Vulnerabilities
in Many Implementations of the Simple Network Management Protocol
(SNMP)". The URL for the full text of the advisory can be found at:
The following releases of software have been found to suffer no
negative effects from execution of the PROTOS c06-SNMPv1 test suite
authored by OUSPG, as outlined in CERT Advisory CA-2002-03:
Subsequent patches (e.g. 3-0-6p7-0 and greater) and maintenance
releases (3-4-1) to those listed above have also tested successfully.
All future releases will have been tested against PROTOS c06-SNMPv1
as well. Earlier releases of software will experience higher than
average SRP CPU utilization resulting in potential SNMP timeouts
while the test suite is running, but recover immediately upon test
completion. Packet forwarding during the test is not affected.
Affected releases include:
This Product Support Notification is publicly viewable on the Web at:
If you have any questions concerning this notice, or to obtain the
latest patch release, please contact Unisphere Networks Customer
Inside the U.S. call: (800) 424-2344
Outside the U.S. call: (978) 589-9000
Via the Web @ http://support.unispherenetworks.com
Via e-mail @ firstname.lastname@example.org
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.