e-Security Inc. Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
SNMPv1 Request and Trap Handling Vulnerabilities
Release Date: March 14, 2002
On February 12, 2002 the CERT®/CC released an advisory related to
security vulnerabilities that may exist in network devices using
SNMPv1 as the management protocol. The vulnerabilities may allow
unauthorized privileged access, denial of service attacks, or cause
unstable behavior. In response to this advisory, "CERT® Advisory
CA-2002-03 Multiple Vulnerabilities in Many Implementations of the
Simple Network Management Protocol (SNMP)", e-Security began
executing the tests that elicit these vulnerabilities for all
The issue centers on the SNMP library that we use in our products to
communicate in SNMP versions 1, 2 & 3. Currently, e-Security uses
SNMP Research's Emanate 15.2.7 with our agents (e-Wizard and eSAW)
and UC Davis 4.0.1 with our control center (e-Sentinel and OeSP).
Preliminary test results have indicated that e-Sentinel, e-Wizard,
OeSP, and e-SAW products exhibited the vulnerabilities in the CERT®
Though we were affected by the vulnerabilities in our code, note
this should not be viewed as a negative statement on the SNMP protocol,
as the latest packages from UC Davis and SNMP Research are not
vulnerable to these exploits.
e-Security has applied the PROTOS c06-SNMPv1 test suite to all
e-Security products and has released patches to eliminate these
vulnerabilities. Our patches address e-Security products through
v.3.1. Future releases of e-Security products will utilize the
latest packages from UC Davis and SNMP Research which have resolved
e-Security also recommends considering one or more of the following
solutions to minimize your network's potential exposure to these
· Ingress filtering
· Egress filtering
· Filter SNMP traffic from non-authorized internal hosts
· Change default community strings
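
The last two recommendations can also be checked on the agent side. The following is an added example, not e-Security's code and not part of the original statement: it audits an agent configuration for default community strings and for access directives with no source restriction. It assumes a net-snmp/UCD-SNMP style snmpd.conf; the sample file and the finding names are constructed for illustration.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}       # well-known default strings
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}   # sources that match any host
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample input, not taken from any real deployment.
SAMPLE_CONF = """\
# constructed sample snmpd.conf
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Xk29-monitoring 192.0.2.10
com2sec notConfigUser default public
com2sec mgmt 192.0.2.0/28 q7LrZ-ops
"""

def parse_access(tokens):
    """Return (community, source) for an access directive, else None."""
    directive, args = tokens[0].lower(), tokens[1:]
    if directive in COMMUNITY_DIRECTIVES and args:
        # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
        return args[0], (args[1] if len(args) > 1 else "default")
    if directive in ("com2sec", "com2sec6"):
        if args[:1] == ["-Cn"]:          # optional context: -Cn CONTEXT
            args = args[2:]
        if len(args) >= 3:               # SECNAME SOURCE COMMUNITY
            return args[2], args[1]
    return None

def audit_snmpd_conf(text):
    """Return (line_no, issue) findings for an snmpd.conf body, in file order."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        access = parse_access(tokens) if tokens else None
        if access is None:
            continue
        community, source = access
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((line_no, "default-community"))
        if source.lower() in OPEN_SOURCES:
            findings.append((line_no, "unrestricted-source"))
    return findings

if __name__ == "__main__":
    for line_no, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {issue}")
```
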
For Further Information
Contact e-Security Customer Support at 1-800-474-3131, or you can
e-mail us at firstname.lastname@example.org.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.