Netscape Communications Corporation Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      Netscape continues to be committed to maintaining a
      high level of quality in our software and service offerings.
      Part of this commitment includes prompt response to
      security issues discovered by organizations such as the
      CERTŪ Coordination Center.

      According to a recent CERT/CC advisory,
      The Oulu University Secure Programming Group (OUSPG)
      has reported numerous vulnerabilities
      in multiple vendor SNMPv1 implementations.
      These vulnerabilities may allow unauthorized
      privileged access, denial of service attacks, or unstable behavior.

      We have carefully examined the reported findings, performing
      the tests suggested by the OUSPG to determine whether
      Netscape server products were subject to these vulnerabilities.
      It was determined that several products fell into this category.
      As a result, we have created fixes which will resolve the issues,
      and these fixes will appear in future releases of our product line.
      To Netscape's knowledge, there are no known instances of these
      vulnerabilities being exploited and no customers have been affected to date.

      When such security warnings are issued, Netscape has committed to
      - and will continue to commit to - resolving these issues in a prompt and
      timely fashion, ensuring that our customers receive products of the highest
      quality and security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.