Outback Resource Group Inc. Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
OutBack Resource Group, Inc.
OutBack Resource Group, Inc. acknowledges the potential of SNMP
vulnerabilities as identified in the following CERT advisories:
VU#854306 - Multiple vulnerabilities in SNMPv1 request handling
VU#107186 - Multiple vulnerabilities in SNMPv1 trap handling
OutBack has investigated how these vulnerabilities may impact
OutBack's jSNMP Enterprise product and has determined the following:
VU#854306 - This advisory is not applicable to jSNMP, because jSNMP
does not accept or process SNMP Get, Set, or GetNext PDUs; rather,
jSNMP sends those requests to SNMP agents and processes subsequent
VU#107186 - jSNMP v3.2 passed the 24,098 applicable tests in the
PROTOS c06-snmpv1 test suite. jSNMP v3.1 failed only one test with
undesirable behavior. No consequences, other than potential
denial-of-service, are known. There have been no reported instances
of this vulnerability being exploited in the jSNMP product.
We recommend that our customers upgrade to the latest available
version of jSNMP.
Up-to-date information is available at www.outbackinc.com or
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.