NETWORK HARMONi Inc. Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
Network Harmoni's response to CERT Advisory CA-2002-03
The CERT/CC is part of the Networked Systems Survivability (NSS)
Program at the Software Engineering Institute (SEI), Carnegie Mellon
University. The primary goal of the NSS Program is to ensure that
appropriate technology and systems management practices are used to
resist attacks on networked systems and to limit damage and ensure
continuity of critical services in spite of successful attacks.
On February 12th, 2002, CERT issued two advisories that warn of
problems that could arise as the result of improper handling of
malformed packets by applications using SNMP protocols. The Oulu
University Secure Programming Group (OUSPG) had discovered that
improperly formed packets in the form of trap messages to SNMP
managers and request messages to SNMP agents had caused problems in a
number of SNMP based products. A list of vendors, with products
based on SNMP, was compiled by CERT, and they were notified directly
along with the press and analyst community covering the Network
Once we were notified of the situation, we immediately began
regression testing our agent software against the entire Protos Test
Suite: c06-snmpv1 used by Oulu University to discover these two
packet handling vulnerabilities. Because we are not currently
offering products that accept trap messages, testing was focused on
the ability of our SNMP agents to handle malformed SNMP requests
without incident. It was discovered through our testing that both
RMONplus and SLAplus are potentially vulnerable to this method of
disruption and will exhibit unpredictable behavior as a result of
running this test suite. Rather than issue a patch, we have made
modifications to both versions of our agent to correct this problem.
Customers concerned about vulnerabilities related to CERT Advisory
CA-2002-03 should contact NETWORK HARMONi at
firstname.lastname@example.org for a new build.
Current status (Wednesday 2/20/2002 4:00 PM):
RMONplus & SLAplus (Builds 232 and above)
Sun Solaris - Passed All tests
Windows XP - Passed All tests
Windows 2000 - Passed All tests
Windows NT - Passed All tests
HP-UX - Passed All tests
IBM AIX - Passed All tests
Linux - Passed All tests
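The statement above describes the test without showing what the agent has to get right: every length field in an SNMPv1 request is attacker-controlled, and the PROTOS c06-snmpv1 cases largely consist of BER lengths that point past the datagram, indefinite-length encodings, unterminated OID sub-identifiers and truncated PDUs. The following is an added example, not Network Harmoni's agent code, the PROTOS suite, or anything from the CERT note. It is a bounds-checked SNMPv1 request decoder in which every nested element is parsed within its parent's limits, plus a handful of constructed PROTOS-style mutations of one GetRequest and a harness that counts clean parses, clean rejections, and anything else (which is what "unpredictable behavior" looks like in a test run). All packet bytes, function names and limits (4-octet INTEGERs, 128 sub-identifiers, 5 octets per sub-identifier) are this example's own assumptions.

```python
"""Bounds-checked SNMPv1 request decoder with constructed PROTOS-style malformed inputs.

Added example; not vendor code and not the PROTOS test suite itself.
"""


class MalformedSNMP(ValueError):
    """Raised for any encoding defect; the decoder must never raise anything else."""


def read_tlv(buf, pos, end):
    """Read one BER TLV confined to buf[pos:end]. Returns (tag, value_start, value_end, next_pos)."""
    if pos >= end:
        raise MalformedSNMP("truncated: expected tag at offset %d" % pos)
    tag = buf[pos]
    pos += 1
    if (tag & 0x1F) == 0x1F:
        raise MalformedSNMP("multi-byte tags are not used by SNMPv1")
    if pos >= end:
        raise MalformedSNMP("truncated: expected length at offset %d" % pos)
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form
        length = first
    elif first == 0x80:                   # indefinite form: legal BER, illegal in SNMP
        raise MalformedSNMP("indefinite length not allowed in SNMP")
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n > 4:
            raise MalformedSNMP("length-of-length %d too large" % n)
        if pos + n > end:
            raise MalformedSNMP("truncated: length octets run past end")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > end - pos:                # the classic PROTOS case: length past the datagram
        raise MalformedSNMP("length %d exceeds %d remaining bytes" % (length, end - pos))
    return tag, pos, pos + length, pos + length


def expect(buf, pos, end, tag):
    """read_tlv, but the tag must be the one the grammar calls for here."""
    t, vs, ve, nxt = read_tlv(buf, pos, end)
    if t != tag:
        raise MalformedSNMP("expected tag 0x%02X, got 0x%02X at offset %d" % (tag, t, pos))
    return vs, ve, nxt


def decode_integer(buf, start, end):
    """SNMPv1 INTEGER is 32-bit signed, so 1..4 content octets (assumed limit)."""
    n = end - start
    if n == 0 or n > 4:
        raise MalformedSNMP("INTEGER of %d octets outside 32-bit range" % n)
    return int.from_bytes(buf[start:end], "big", signed=True)


def decode_oid(buf, start, end):
    """Decode base-128 sub-identifiers into dotted form; reject unterminated or oversized ones."""
    if end == start:
        raise MalformedSNMP("empty OID")
    subids, value, octets = [], 0, 0
    for b in buf[start:end]:
        octets += 1
        if octets > 5:                    # 5 base-128 octets carry 35 bits, enough for any 32-bit arc
            raise MalformedSNMP("OID sub-identifier too long")
        value = (value << 7) | (b & 0x7F)
        if not (b & 0x80):                # high bit clear ends the sub-identifier
            subids.append(value)
            value, octets = 0, 0
            if len(subids) > 128:
                raise MalformedSNMP("more than 128 OID sub-identifiers")
    if octets:
        raise MalformedSNMP("OID ends inside a sub-identifier")
    first = subids[0]                     # first octet packs the first two arcs as X*40+Y
    arcs = ([first // 40, first % 40] if first < 80 else [2, first - 80]) + subids[1:]
    return ".".join(str(a) for a in arcs)


PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}


def parse_snmpv1_request(pkt):
    """Parse one SNMPv1 request datagram; raise MalformedSNMP on any defect."""
    buf, end = bytes(pkt), len(pkt)
    vs, ve, nxt = expect(buf, 0, end, 0x30)            # Message ::= SEQUENCE
    if nxt != end:
        raise MalformedSNMP("%d trailing bytes after message" % (end - nxt))
    s, e, pos = expect(buf, vs, ve, 0x02)              # version INTEGER
    version = decode_integer(buf, s, e)
    if version != 0:
        raise MalformedSNMP("not SNMPv1 (version %d)" % version)
    s, e, pos = expect(buf, pos, ve, 0x04)             # community OCTET STRING
    community = buf[s:e]
    tag, s, pdu_end, pos = read_tlv(buf, pos, ve)      # PDU, context-specific tag
    if tag not in PDU_TYPES:
        raise MalformedSNMP("PDU tag 0x%02X is not a request an agent accepts" % tag)
    if pos != ve:
        raise MalformedSNMP("bytes after PDU inside message")
    fields = []
    p = s
    for _ in range(3):                                 # request-id, error-status, error-index
        fs, fe, p = expect(buf, p, pdu_end, 0x02)
        fields.append(decode_integer(buf, fs, fe))
    ls, le, p = expect(buf, p, pdu_end, 0x30)          # VarBindList ::= SEQUENCE OF VarBind
    if p != pdu_end:
        raise MalformedSNMP("bytes after VarBindList inside PDU")
    varbinds, q = [], ls
    while q < le:
        vbs, vbe, q = expect(buf, q, le, 0x30)         # VarBind ::= SEQUENCE { name, value }
        os_, oe, r = expect(buf, vbs, vbe, 0x06)
        oid = decode_oid(buf, os_, oe)
        vtag, vvs, vve, r = read_tlv(buf, r, vbe)
        if r != vbe:
            raise MalformedSNMP("bytes after value inside VarBind")
        varbinds.append((oid, vtag, buf[vvs:vve]))
    return {"version": version, "community": community, "pdu": PDU_TYPES[tag],
            "request_id": fields[0], "error_status": fields[1], "error_index": fields[2],
            "varbinds": varbinds}


def tlv(tag, body):
    """Short-form TLV builder used only to construct test vectors (bodies under 128 bytes)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body


SYS_DESCR_0 = bytes.fromhex("2b06010201010100")       # 1.3.6.1.2.1.1.1.0


def get_request(community=b"public", request_id=1, oid_body=SYS_DESCR_0):
    """Construct a well-formed SNMPv1 GetRequest for one OID with a NULL value."""
    varbind = tlv(0x30, tlv(0x06, oid_body) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)


VALID = get_request()                                  # 40 bytes, constructed here

# Constructed mutations in the spirit of the PROTOS c06-snmpv1 cases (not the real suite).
MALFORMED = [
    b"\x30\xff" + VALID[2:],                           # outer length points past the datagram
    VALID[:20],                                        # datagram truncated inside the PDU
    b"\x30\x80" + VALID[2:],                           # indefinite-length SEQUENCE
    VALID[:6] + b"\x84\xff\xff\xff\xff" + VALID[7:],   # community length of ~4 GiB
    get_request(oid_body=b"\xff\xff\xff"),             # OID never terminates a sub-identifier
    get_request(oid_body=b""),                         # empty OID
    VALID[:13] + b"\xa4" + VALID[14:],                 # Trap PDU delivered to an agent
    VALID + b"\x00",                                   # trailing byte after the message
]


def run_suite(packets):
    """Feed each packet to the decoder and tally outcomes; 'crashed' is any non-MalformedSNMP error."""
    tally = {"parsed": 0, "rejected": 0, "crashed": 0}
    for pkt in packets:
        try:
            parse_snmpv1_request(pkt)
            tally["parsed"] += 1
        except MalformedSNMP:
            tally["rejected"] += 1
        except Exception:                              # IndexError, OverflowError, ...: the agent "crashed"
            tally["crashed"] += 1
    return tally


if __name__ == "__main__":
    print(parse_snmpv1_request(VALID))
    print(run_suite([VALID] + MALFORMED))
```

The one rule that makes this safe against the whole class of length mutations is that `read_tlv` takes an `end` inherited from the enclosing element and refuses any length that would cross it, so a bogus inner length can never be trusted over the outer datagram size. A real regression run replaces `MALFORMED` with the actual PROTOS datagrams sent over UDP and watches the agent process rather than a Python exception, but the pass criterion is the same: every case is either parsed or rejected, and nothing else happens.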
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.