Juniper Networks, Inc. Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling



Vendor Statement

This is in reference to your notification regarding CAN-2002-0012 and CAN-2002-0013. Juniper Networks has reproduced this behavior and coded a software fix. The fix will be included in all releases of JUNOS Internet software built after January 5, 2002. Customers with current support contracts can download new software with the fix from Juniper's web site at

Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can only be reproduced in JUNOS Internet software if "snmp traceoptions flag pdu" is enabled. Tracing of SNMP PDUs is generally not enabled in production routers.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.