Nokia Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling



Vendor Statement

This vulnerability is known to affect IPSO versions 3.1.3, 3.3, 3.3.1, 3.4, and 3.4.1.  Patches are currently available for versions 3.3, 3.3.1, 3.4 and 3.4.1 for download from the Nokia website.  In addition, version 3.4.2 shipped with the patch incorporated, and the necessary fix will be included in all future releases of IPSO.

We recommend customers install the patch immediately or follow the recommended precautions below to avoid any potential exploit.

If you are not using SNMP services, including Traps, simply disable the SNMP daemon to completely eliminate the potential vulnerability.

If you are using only SNMP Traps and running Check Point FireWall-1, create a firewall policy to disallow incoming SNMP messages on all appropriate interfaces. Traps will continue to work normally.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.