search menu icon-carat-right cmu-wordmark

CERT Coordination Center


SNMPv3 improper HMAC validation allows authentication bypass

Vulnerability Note VU#878044

Original Release Date: 2008-06-10 | Last Revised: 2009-07-16

Overview

A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass.

Description

SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and privacy control among other features. Authentication for SNMPv3 is done using keyed-Hash Message Authentication Code (HMAC), a message authentication code calculated using a cryptographic hash function in combination with a secret key. Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte.

This issue is known to affect Net-SNMP and UCD-SNMP. Other SNMP implementations may also be affected.

Impact

This vulnerability allows attackers to read and modify any SNMP object that can be accessed by the impersonated user. Attackers exploiting this vulnerability can view and modify the configuration of these devices.

Solution


Upgrade

This vulnerability is addressed in Net-SNMP versions 5.4.1.1, 5.3.2.1, 5.2.4.1, 5.1.4.1, 5.0.11.1 and UCD-SNMP 4.2.7.1. Please see the Net-SNMP download page.

Alternatively, consult your vendor. See the Systems Affected section below for more information.

Apply a patch

Net-SNMP has released a patch to address this issue. For more information refer to SECURITY RELEASE: Multple Net-SNMP Versions Released. Users are encouraged to apply the patch as soon as possible. Note that patch should apply cleanly to UCD-snmp too.


Enable the SNMPv3 privacy subsystem

The configuration should be modified to enable the SNMPv3 privacy subsystem to encrypt the SNMPv3 traffic using a secret, private key. This option does not encrypt the HMAC, but does minimize the possible affects from this vulnerability.

Vendor Information

878044
Expand all

Extreme Networks

Notified:  May 20, 2008 Updated:  April 22, 2009

Statement Date:   April 20, 2009

Status

  Vulnerable

Vendor Statement

Extreme Networks products running "Extremeware" software are not vulnerable.

Extreme Networks products running "EXOS" software are vulnerable.
This vulnerability is fixed in EXOS patch release 11.6.4.11-patch1-7 and will be integrated into the subsequent sustaining releases.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Global Technology Associates

Notified:  May 20, 2008 Updated:  July 16, 2009

Statement Date:   July 16, 2009

Status

  Vulnerable

Vendor Statement

Global Technology Associates products running GB-OS 5.1.4 and later are not vulnerable.  GTA products running earlier versions of GB-OS are vulnerable if the SNMP service is utilized and enable.

Customers running systems with GB-OS prior to version 5.1.4 are encouraged to update their GTA product to GB-OS 5.1.4 or 5.2.x. In the event that it is not possible to update your GTA product, customers should disable the SNMP service on their system to prevent the exploit of this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Initiative Japan

Updated:  June 19, 2008

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks, Inc.

Notified:  May 20, 2008 Updated:  June 09, 2008

Status

  Vulnerable

Vendor Statement

Juniper Networks has confirmed that its Session and Resource Control appliances are susceptible to this vulnerability. Customers run SRC versions 1.0.0, 1.0.1, or 2.0.0 on their C-series appliances are encouraged to contact the Juniper Networks Customer Support Center for more detailed information and for product updates.

All other Juniper Networks products are NOT susceptible to this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Appliance, Inc.

Notified:  May 20, 2008 Updated:  June 04, 2008

Status

  Vulnerable

Vendor Statement

The only NetApp product susceptible to this issue is our early access version of the next major product release. Data ONTAP releases 7.3RC1 and 7.

3RC2 are affected.

The code does not exist in any 6.5, 7.0, 7.1 or 7.2 or 10.0 release.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Notified:  May 20, 2008 Updated:  June 06, 2008

Status

  Vulnerable

Vendor Statement

This issue affects the ucd-snmp package as shipped with Red Hat Enterprise Linux 2.1, and the net-snmp package as shipped with Red Hat Enterprise Linux 3, 4, and 5. Updated packages to correct this issue are available along with our advisories at the URL below and via the Red Hat Network:

http://rhn.redhat.com/cve/CVE-2008-2292.html

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SNMP Research

Updated:  June 06, 2008

Status

  Vulnerable

Vendor Statement

Vulnerabilities have been found in the authentication code in multiple implementations of SNMPv3 including NetSNMP, SNMP Research, and many products derived from these reference

implementations.

The vulnerabilities in the implementations are slightly different but both allow a sender to create certain malformed packets which will be accepted as authentic by the receiver even though they are not authentic and thereby allow an interloper to masquerade as another principal.

The vulnerability applies equally to use of either MD5 or SHA-1.

This vulnerability is present in multiple products including those of SNMP Research.

This vulnerability is present in all SNMP Research products which support SNMPv3 up through and including Release 16.1, i.e., the vulnerability was present in SNMP Research product
Releases 15.1, 15.2, 15.3, 15.4, and 16.1, as well as products derived from those code bases unless upgraded, (please see the next paragraph).

SNMP Research product Release 16.2 and subsequent releases are believed to not be subject to this vulnerability. SNMP Research product Release 16.2 became generally available in late 2006 and all SNMP Research customers with support agreements should have received product distributions that are not subject to this vulnerability in December 2006 or January 2007. SNMP Research products shipped after that time are not believed to be subject to this vulnerability.

In SNMPv3, the authentication subsystem is responsible for protecting against multiple threats:

Modification of Information,
Masquerade, and
Message Stream Modification

This vulnerability potentially compromises the protections against each of the above threats.

The vulnerability is in the implementations. There are no known problems with the protocol design or specifications in this regard.


Remediation

It is suggested that users upgrade to current versions of the software which do not have these implementation problems and the resulting vulnerabilities.


Short-Term Mitigation

A short-term workaround for users who are unable to upgrade in a timely fashion is to modify their configuration data to enable the SNMPv3 privacy subsystem (if it is not already in use), i.e., to encrypt the SNMPv3 traffic using a secret, private key.

By so doing, it is believed that it will not be computationally feasible for interlopers to "forge" valid packets without knowledge of the secret encryption key, i.e., such packets will be dropped at the receiver, thereby somewhat mitigating the problem by thwarting exploitation of the vulnerability.

However, while this workaround provides for data origin authentication of the payload of the message, and thereby defends against the masquerade threat (provided that secret encryption key remains known only to legitimate senders and receivers), it does not protect against the two other threats identified above. In particular, the message headers are not protected against the modification of information threat. The message timeliness indicators, which are in the message headers, are potentially subject to manipulation by an interloper, thereby enabling replay attacks (message stream modification threat). An interloper can sucessfully replay valid packets that have been captured since the encryption key(s) in use were most recently changed.

Therefore, enabling encryption should be viewed as a short-term mitigation strategy that is better than doing nothing but not as good as the recommended remdiation strategy.


Credits

These vulnerabilities were first identified by Dr. Tom Dunigan of
the University of Tennessee.


For More Information

Specifications:
Please see RFCs 3410 and 3414.

Technical Support:
support@snmp.com
+1 865 579 3311

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  May 20, 2008 Updated:  June 16, 2008

Status

  Vulnerable

Vendor Statement

Sun has issued the following Security Sun Alert describing the affected products, any workarounds or resolution available:

Sun Alert 238865 SNMPv3 Authentication Bypass Vulnerability in snmpd(1M) http://sunsolve.sun.com/search/document.do?assetkey=1-66-238865-1

The above Sun Alert would be updated as and when fully tested patches for the issue are available.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

eCosCentric

Updated:  June 13, 2008

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Fixed in CVS.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

netsnmp

Notified:  May 16, 2008 Updated:  June 10, 2008

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to http://sourceforge.net/forum/forum.php?forum_id=833770.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AdventNet Inc.

Notified:  June 13, 2008 Updated:  June 18, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to http://www.adventnet.com/products/cert_snmp_authentication_vulnerability_notes.html for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates

Notified:  May 20, 2008 Updated:  June 20, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates eTrust Security Management

Notified:  May 20, 2008 Updated:  June 20, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Force10 Networks, Inc.

Notified:  May 20, 2008 Updated:  June 12, 2008

Status

  Not Vulnerable

Vendor Statement

Force10 Networks' FTOS is unaffected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fortinet, Inc.

Notified:  May 20, 2008 Updated:  May 27, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks, Inc.

Notified:  May 20, 2008 Updated:  June 17, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Funkwerk Enterprise Communications

Updated:  June 18, 2008

Status

  Not Vulnerable

Vendor Statement

US-CERT has recently published a Security Alert concerning a “SNMPv3 Authentication Bypass Vulnerability” (see http://www.us-cert.gov/cas/techalerts/TA08-162A.html for details).

We would like our customers to know that all Funkwerk Enterprise Communications products running a version of the BOSS operating system are NOT affected by this vulnerability.

The respective products are:
o devices of the R2xx Series (e.g. R232bw), Rxx00 Series (e.g. R3000w), X Series (e.g. X2302) and VPN Series of gateways
o devices of the Wx002, WIx040 and WIx065 Series of WLAN products running the BOSS operating system.

Also note that SNMP V 3 which is affected by the vulnerability was not introduced before System Software 7.4.1.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation

Notified:  May 20, 2008 Updated:  June 18, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel Corporation

Notified:  May 20, 2008 Updated:  May 21, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Security Systems, Inc.

Notified:  May 20, 2008 Updated:  June 04, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  May 20, 2008 Updated:  May 28, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc.

Notified:  May 20, 2008 Updated:  June 04, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Stonesoft

Notified:  May 20, 2008 Updated:  June 23, 2008

Status

  Not Vulnerable

Vendor Statement

Stonesoft products are not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TippingPoint, Technologies, Inc.

Notified:  May 20, 2008 Updated:  May 21, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3com, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ACCESS

Notified:  June 02, 2008 Updated:  June 02, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AT&T

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer, Inc.

Notified:  June 02, 2008 Updated:  June 02, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Aruba Networks, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Asante Technologies, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Atheros Communications, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avaya, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avici Systems, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BEA Systems, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Borderware Technologies

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Bro

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Broadcom

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Charlotte's Web Networks

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point Software Technologies

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc.

Notified:  May 20, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Clavister

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cosinecom

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Covalent Technologies

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cyclades, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data Connection, Ltd.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian GNU/Linux

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC Corporation

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde Secure Linux

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Enterasys Networks

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ericsson

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux

Notified:  June 04, 2008 Updated:  June 04, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Harris Corporation

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hyperchip

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation (zseries)

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IP Filter

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IP Infusion, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Inktomi Corporation (now Yahoo!)

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intoto

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lantronix

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Linux Kernel Archives

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lotus Software

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Luminous Networks

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Marconi, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

McAfee

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MetaSwitch

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Metrobility, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Motion Media Technologies, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multinet (owned Process Software Corporation)

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multitech, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Net-Policy

Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Netgear, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Netscape Communications Corporation

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NextHop Technologies, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Oracle Corporation

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Polycom

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

QNX, Software Systems, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

QUALCOMM Incorporated

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Quagga

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Rad Vision, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Redback Networks, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Riverstone Networks, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Network Security Division

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secureworx, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Silicon Graphics, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Slackware Linux Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SmoothWall

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Snort

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Soapstone Networks

Notified:  June 02, 2008 Updated:  June 02, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sourcefire

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Symantec, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The Teamware Group

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix Secure Linux

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Turbolinux

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ubuntu

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Vertical Networks, Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Watchguard Technologies, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ZyXEL

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

cPanel Inc.

Notified:  June 13, 2008 Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

eSoft, Inc.

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

m0n0wall

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

netfilter

Notified:  May 20, 2008 Updated:  May 20, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

netsnmpj

Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

openSNMP

Updated:  June 13, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This issue was reported by Wes Hardaker at Net-SNMP. Thanks also to Jeff Case of SNMP Research and oCERT

This document was written by Chris Taschner and David Warren.

Other Information

CVE IDs: CVE-2008-0960
Severity Metric: 7.56
Date Public: 2008-05-31
Date First Published: 2008-06-10
Date Last Updated: 2009-07-16 18:00 UTC
Document Revision: 36

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.