SNMP Research Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
- Vendor Information Help Date Notified: 18 Oct 2001
- Statement Date:
- Date Updated: 12 Feb 2002
The most recent releases (220.127.116.11 and above) of all SNMP Research products address the vulnerabilities identified in the following CERT vulnerability advisories:
VU#854306 (Multiple vulnerabilities in SNMPv1 request handling)
VU#107186 (Multiple vulnerabilities in SNMPv1 trap handling)
A few of the malformed packets sent in these tests result in out of bound array references in allocated memory and minor memory leaks. No consequences, other than potential denial of service on some platforms, are known.
All customers who maintain a support contract have received either the new release or the appropriate patch sets to their 18.104.22.168 and later source code releases addressing these vulnerabilities. Users maintaining earlier releases should update to the current release if they have not already done so. Up-to-date information is available from firstname.lastname@example.org.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.