NETWORK HARMONi Inc. Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Affected

Vendor Statement

      Network Harmoni's response to CERT Advisory CA-2002-03
      The CERT/CC is part of the Networked Systems Survivability (NSS)
      Program at the Software Engineering Institute (SEI), Carnegie Mellon
      University. The primary goal of the NSS Program is to ensure that
      appropriate technology and systems management practices are used to
      resist attacks on networked systems and to limit damage and ensure
      continuity of critical services in spite of successful attacks.
      On February 12th, 2002, CERT issued two advisories that warn of
      problems that could arise as the result of improper handling of
      malformed packets by applications using SNMP protocols.  The Oulu
      University Secure Programming Group (OUSPG) had discovered that
      improperly formed packets in the form of trap messages to SNMP
      managers and request messages to SNMP agents had caused problems in a
      number of SNMP based products.  A list of vendors, with products
      based on SNMP, was compiled by CERT, and they were notified directly
      along with the press and analyst community covering the Network
      Management space.

      Once we were notified of the situation, we immediately began
      regression testing our agent software against the entire Protos Test
      Suite: c06-snmpv1 used by Oulu University to discover these two
      packet handling vulnerabilities.  Because we are not currently
      offering products that accept trap messages, testing was focused on
      the ability of our SNMP agents to handle malformed SNMP requests
      without incident.  It was discovered through our testing that both
      RMONplus and SLAplus are potentially vulnerable to this method of
      disruption and will exhibit unpredictable behavior as a result of
      running this test suite. Rather than issue a patch, we have made
      modifications to both versions of our agent to correct this problem.
      Customers concerned about vulnerabilities related to CERT Advisory
      CA-2002-03 should contact NETWORK HARMONi at
      support@networkharmoni.com for a new build.

      Current status (Wednesday 2/20/2002 4:00 PM):
      RMONplus & SLAplus (Builds 232 and above)
      Sun Solaris - Passed All tests
      Windows XP - Passed All tests
      Windows 2000 - Passed All tests
      Windows NT - Passed All tests
      HP-UX - Passed All tests
      IBM AIX - Passed All tests
      Linux - Passed All tests

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.