AVET Information and Network Security Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Not Affected

Vendor Statement

      AVET FireBorder OS (any version, including 1.4) is not vulnerable to the following vulnerabilities: - CAN-2002-0012 - CAN-2002-0013

      This is due to several reasons:

      - AVET FireBorder OS does not contain SNMP server
      - administrator user can not install SNMP server due to lack of privileges
      - system architecture would not allow to run arbitrary code in any of running network daemons; theoretically under some circumstances it could be possible to perform remote DoS attack on vulnerable servers; still to install and run SNMP daemon local user would need to bypass default permission and ACL settings.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.