Inktomi Corporation Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      All releases of Inktomi Traffic Server and Inktomi Media-IXT prior to
      version 5.2 are vulnerable, releases after 5.2 are not vulnerable.  A
      software patch is available to close the vulnerability.  Download and
      installation instructions are available at:

      Traffic Server deployed as part of the Inktomi Content Networking
      Platform 1.0 is also vulnerable, and should be immediately updated to
      v1.1 or 1.1.1.  Inktomi CNP customers can get the 1.1.1 release from

      Other Inktomi Products:
      Inktomi CDS is not vulnerable.  CDS is safe because it does not listen
      for SNMP requests. Inktomi Enterprise Search is also not vulnerable,
      because it does not include any SNMP. Finally, Inktomi Media
      Distribution Network is also safe because it does
      not include any SNMP.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.