e-Security Inc. Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling



Vendor Statement

      e-Security Advisory:
      SNMPv1 Request and Trap Handling Vulnerabilities
      Revision 1.0
      Release Date: March 14, 2002


      On February 12, 2002 the CERTŪ/CC released an advisory related to
      security vulnerabilities that may exist in network devices using
      SNMPv1 as the management protocol. The vulnerabilities may allow
      unauthorized privileged access, denial of service attacks, or cause
      unstable behavior.  In response to this advisory, "CERTŪ Advisory
      CA-2002-03 Multiple Vulnerabilities in Many Implementations of the
      Simple Network Management Protocol (SNMP)", e-Security began
      executing the tests that elicit these vulnerabilities for all
      e-Security products.

      The issue centers on the SNMP library that we use in our products to
      communicate in SNMP versions 1,2 & 3.  Currently, e-Security uses
      SNMP Research's Emanate 15.2.7 on with our agents (e-Wizard and eSAW)
      and UC Davis 4.0.1 with our control center (e-Sentinel and OeSP).

      Preliminary test results have indicated that e-Sentinel, e-Wizard,
      OeSP, and e-SAW products exhibited the vulnerabilities in the CERTŪ

      Though we were affected with the vulnerabilities in our code, note
      this should not be viewed as a negative statement on SNMP protocol,
      as the latest packages from UC Davis and SNMP Research are not
      vulnerable to these exploits.


      e-Security has applied the PROTOS c06-SNMPv1 test suite to all
      e-Security products and has released patches to eliminate these
      vulnerabilities.  Our patches address e-Security products through
      v.3.1.  Future releases of e-Security products will utilize the
      latest packages from UC Davis and SNMP Research which have resolved
      these vulnerabilities.

      e-Security also  recommends considering one or more of the following
      solutions to minimize your network's potential exposure to these

      · Ingress filtering
      · Egress filtering
      · Filter SNMP traffic from non-authorized internal hosts
      · Change default community strings

      For Further Information

      Contact e-Security Customer Support at 1-800-474-3131, or you can
      e-mail us at support@esecurityinc.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.