Outback Resource Group Inc. Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      OutBack Resource Group, Inc.

      OutBack Resource Group, Inc. acknowledges the potential of SNMP
      vulnerabilities as identified in the following CERT advisories:

      VU#854306 - Multiple vulnerabilities in SNMPv1 request handling
      VU#107186 - Multiple vulnerabilities in SNMPv1 trap handling

      OutBack has investigated how these vulnerabilities may impact
      OutBack's jSNMP Enterprise product and has determined the following:

      VU#854306 - This advisory is not applicable to jSNMP, because jSNMP
      does not accept or process SNMP Get, Set, or GetNext PDUs; rather,
      jSNMP sends those requests to SNMP agents and processes subsequent

      VU#107186 - jSNMP v3.2 passed the 24,098 applicable tests in the
      PROTOS c06-snmpv1 test suite.  jSNMP v3.1 failed only one test with
      undesirable behavior.  No consequences, other than potential
      denial-of-service, are known.  There have been no reported instances
      of this vulnerability being exploited in the jSNMP product.

      We recommend that our customers upgrade to the latest available
      version of jSNMP.

      Up-to-date information is available at www.outbackinc.com or

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.