IPlanet Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
Update on CERT ALERT CA-2002-03
iPlanet has identified a problem in the CERT Alert CA-2002-03, regarding implementations of its directory server and web proxy server.
The SNMP agent (magt) daemon supplied with the Admin Server component of Netscape Directory Server 4.1x, iPlanet Directory Server 5.0, iPlanet Directory Server 5.1 and iPlanet Web Proxy Server 3.6 on UNIX platforms is vulnerable to a malformed request. The malformed request will cause the "magt" daemon to abruptly exit, so that it will no longer accept requests. The "magt" daemon is not included in the Admin Server component of the Netscape Directory Server or iPlanet Directory Server on the Windows NT, Windows 2000 platforms and is not used on AIX platforms, so the Directory Server and Web Proxy Server are not affected on these platforms.
This vulnerability is present in the following versions running on Unix platforms:
Netscape Directory Server 4.12, 4.13, 4.14, 4.15 and 4.16
iPlanet Directory Server 5.0, 5.0SP1 and 5.1
iPlanet Web Proxy Server 3.6
We do not believe that this vulnerability affects the overall integrity of the directory server or web proxy server in any way.
As a general practice, we recommend disabling all services affected by the "magt" daemon that are not explicitly required until a patch is downloaded and installed. If you are not using SNMP to monitor the directory server, we recommend that you do not run the "magt" daemon process. You can also limit your exposure to this vulnerability by using a firewall to restrict access to the UDP port on which "magt" receives incoming SNMP requests.
Patches and Service packs fixing this problem will be posted under http://www.iplanet.com/downloads/patches/.
Version Recommended action
Directory Server 4.1x Install standalone "magt" patch
Directory Server 5.0 Upgrade to 5.0SP2 or install "magt" patch
Directory Server 5.0SP1 Upgrade to 5.0SP2 or install "magt" patch
Directory Server 5.1 Install standalone "magt" patch
iPlanet Web Proxy Server 3.6 Install standalone "magt" patch
iPlanet products, such as iPlanet Application Server Enterprise Edition
6.x, bundling the above mentioned products are also affected. Installing
the appropriate Directory Server patches and/or service pack is
iPlanet customers with questions on this advisory are requested to contact iPlanet Technical Support who will provide full support and up-to-date information.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.