Unisphere Networks Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      CUSTOMER SERVICE TECHNICAL BULLETIN

      SUBJECT: CERT Advisory CA-2002-03: Vulnerability in SNMP
      Implementation
      BULLETIN NUMBER: ERX_PSN-005
      BULLETIN TYPE: Product Support Notification
      AFFECTED PRODUCTS: ERX
      ISSUE DATE: 03/08/2002
      REVISION: 2.0

      PROBLEM DESCRIPTION:
      The CERT Coordination Center released an advisory on February 12,
      2002 entitled, "CERT Advisory CA-2002-03 Multiple Vulnerabilities
      in Many Implementations of the Simple Network Management Protocol
      (SNMP)". The URL for the full text of the advisory can be found at:

      http://www.cert.org/advisories/CA-2002-03.html

      AFFECTED PRODUCT(S):
      ERX 700/705/1400/1440

      SOLUTION:
      The following releases of software have been found to suffer no
      negative effects from execution of the PROTOS c06-SNMPv1 test suite
      authored by OUSPG, as outlined in CERT Advisory CA-2002-03:

      2-9-1p15-0
      2-10-1p1-0
      3-0-6p6-0
      3-2-3p1-0
      3-3-2p1-0
      3-4-0 REL

      Subsequent patches (e.g. 3-0-6p7-0 and greater) and maintenance
      releases (3-4-1) to those listed above have also tested successfully.
      All future releases will have been tested against PROTOS c06-SNMPv1
      as well. Earlier releases of software will experience higher than
      average SRP CPU utilization resulting in potential SNMP timeouts
      while the test suite is running, but recover immediately upon test
      completion. Packet forwarding during the test is not affected.
      Affected releases include:

      2-0-0 2-9-1p14-0
      2-10-0 2-10-1p0-3
      3-0-0 3-0-6p5-0
      3-1-0 3-1-0p2-0
      3-2-0 3-2-3
      3-3-0 3-3-2

      This Product Support Notification is publicly viewable on the Web at:

      http://support.unispherenetworks.com/websupport/CERT/erx_psn-005.pdf

      If you have any questions concerning this notice, or to obtain the
      latest patch release, please contact Unisphere Networks Customer
      Service.

      Inside the U.S. call: (800) 424-2344
      Outside the U.S. call: (978) 589-9000
      Via the Web @ http://support.unispherenetworks.com
      Via e-mail @ support@unispherenetworks.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.