NetScreen Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
NetScreen's Global PRO and Global PRO Express do not have an SNMP agent or
manager and are not sensitive to the issues raised in VU#107186
(CAN-2002-0012), "Multiple vulnerabilities in SNMP v1 trap handling". No
change in behavior or operation is required.
NetScreen determined that the SNMP agent within all versions of ScreenOS
is sensitive to certain of the issues described in VU#854306
(CAN-2002-0013), "Multiple vulnerabilities in SNMP v1 request handling".
These vulnerabilities can in certain circumstances be exploited to produce
a denial of service. These vulnerabilities cannot be used to gain
management control of the device.
NetScreen has developed and tested maintenance releases of ScreenOS
software that address these vulnerabilities. All NetScreen security
appliances and systems shipped from NetScreen after Wednesday 13 February
2002 have software pre-installed at the factory that addresses these
vulnerabilities. Customers may download maintenance releases from the
NetScreen support web site (http://www.netscreen.com/support/ ).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.