FreeBSD, Inc. Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
- Vendor Information Help Date Notified: 17 Oct 2001
- Statement Date:
- Date Updated: 13 Feb 2002
FreeBSD does not include any SNMP software by default, and so is not vulnerable. However, the FreeBSD Ports Collection contains the UCD-SNMP / NET-SNMP package. Package versions prior to ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release will ship the corrected version of the UCD-SNMP / NET-SNMP package. In addition, the corrected version of the packages is available from the FreeBSD mirrors.
FreeBSD has issued the following FreeBSD Security Advisory regarding the UCD-SNMP / NET-SNMP package:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.