Juniper Networks, Inc. Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
- Vendor Information Help Date Notified: 23 Oct 2001
- Statement Date:
- Date Updated: 12 Feb 2002
This is in reference to your notification regarding CAN-2002-0012 and CAN-2002-0013. Juniper Networks has reproduced this behavior and coded a software fix. The fix will be included in all releases of JUNOS Internet software built after January 5, 2002. Customers with current support contracts can download new software with the fix from Juniper's web site at http://www.juniper.net
Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can only be reproduced in JUNOS Internet software if "snmp traceoptions flag pdu" is enabled. Tracing of SNMP PDUs is generally not enabled in production routers.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.