nCipher Corp. Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
nCipher Corp. supplies two SNMP products:
1) a SNMP agent bundled with the nForce/nShield and older nFast products
(nFast 75, 150 and 300)
2) The SNMP support software bundled with the newer nFast800 products.
The first product (bundled with the nForce, nShield and nFast 75/150/300
range) is a customised NET-SNMP agent version 4.2.1. This is vulnerable
to VU#854306 but not VU#107186. nCipher has upgraded this software to
the NET-SNMP release 4.2.3 and this is now available as a patch release
The second product (bundled with the nFast800 product) has two operating
modes, one for Linux (and, in the near future, Solaris) and one for
Windows NT/2000. In each case, the only agent used is the one currently
installed on the OS (NET-SNMP for Linux/Solaris and the Microsoft SNMP
agent for Windows); the nCipher-supplied software runs in a separate
Customers using this product should therefore ensure that their
operating system SNMP agent is patched against this vulnerability.
On Linux or Solaris , this requires installation of the NET-SNMP version
4.2.2 or greater. Running 'snmpd -v' (make sure it is in your path) will
tell you the version of the NET-SNMP agent you are currently running.
On Windows, this will require installation of the forthcoming patch from
Microsoft. If you have not installed the patch from Microsoft and the
'SNMP Service' is running then you are affected.
Again, if upgrading is not currently possible customers are advised to
disable the SNMP service if it might be exposed to hostile network
traffic, or make use of other suggestions supplied elsewhere in CERT
nCipher has released a specific advisory, which may be obtained from
http://www.ncipher.com/support/advisories/ - this includes a patch to
download that upgrades the nCipher agent to version 4.2.3 of the
NET-SNMP kit and fixes the issues listed above. Installation instructions are
contained within the patch file.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.