FreeBSD, Inc. Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

FreeBSD does not include any SNMP software by default, and so is not vulnerable. However, the FreeBSD Ports Collection contains the UCD-SNMP / NET-SNMP package. Package versions prior to ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release will ship the corrected version of the UCD-SNMP / NET-SNMP package. In addition, the corrected version of the packages is available from the FreeBSD mirrors.
FreeBSD has issued the following FreeBSD Security Advisory regarding the UCD-SNMP / NET-SNMP package:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:11.snmp.asc.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.