Netscape Communications Corporation Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
Netscape continues to be committed to maintaining a
high level of quality in our software and service offerings.
Part of this commitment includes prompt response to
security issues discovered by organizations such as the
CERTŪ Coordination Center.
According to a recent CERT/CC advisory,
The Oulu University Secure Programming Group (OUSPG)
has reported numerous vulnerabilities
in multiple vendor SNMPv1 implementations.
These vulnerabilities may allow unauthorized
privileged access, denial of service attacks, or unstable behavior.
We have carefully examined the reported findings, performing
the tests suggested by the OUSPG to determine whether
Netscape server products were subject to these vulnerabilities.
It was determined that several products fell into this category.
As a result, we have created fixes which will resolve the issues,
and these fixes will appear in future releases of our product line.
To Netscape's knowledge, there are no known instances of these
vulnerabilities being exploited and no customers have been affected to date.
When such security warnings are issued, Netscape has committed to
- and will continue to commit to - resolving these issues in a prompt and
timely fashion, ensuring that our customers receive products of the highest
quality and security.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.