Network Appliance Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      Information about the vulnerability of our systems has been posted on our
      primary support site: NOW ( ). The following field alert
      has also been issued to our customers:
      Field Alert # 120: CERT Advisory CA-2002-03: SNMP Vulnerabilities

      Testing shows some NetApp products will be affected by some of the issues
      listed in the CERT Advisory.
      Please note that NetCache appliances are only vulnerable if the attack comes
      from a trusted host.

      The following appliances will PANIC when under attack: F85, F87, F820, F840,
      F880, C1100 series, C3100, C6100. The following appliances were not observed
      to panic, but they may still be vulnerable to attack: F720, F740, F760,
      C720, C760. Information about the bug associated with this vulnerability can
      be found in Bugs Online area of NOW ( ).

      What happens when a filer/cache is hit by these cases?

      The NetApp system will PANIC with a PANIC string similar to the following:

      PANIC: Protection Fault accessing address 0x00000001 from EIP 0x5f02c9 in
      process snmpd on release NetApp Release Rxxxxxxxx on Wed Feb 13 02:19:14

      What releases have the fix for this issue?

      Patches have been built for the following OS levels:

      Data ONTAP 5.3.7R3 - Patch is 5.3.7R3D12
      Data ONTAP 6.1.1R2 - Patch is 6.1.1R2D16
      Data ONTAP 6.1.2R1 - Patch is 6.1.2R1D4
      NetCache 5.1 - Patch is 5.1R2D22
      NetCache 5.2.1 - Patch is 5.2.1R1D2

      The patches for both Data ONTAP and NetCache are available on the NOW site.

      What will I see if someone attempts to attack my machine and I have
      installed an OS with the fix?

      You will see a message similar to the following in the messages log and the
      filer or NetCache will continue to function normally.

      Wed Feb 13 21:57:56 GMT [snmpd:warning]: SNMP detected possible buffer
      overflow attempt, skipping request

      For more information visit

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.