|
|
CVE-ID | ||
---|---|---|
CVE-2002-0013 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
Description | ||
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | ||
References | ||
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
Assigning CNA | ||
MITRE Corporation | ||
Date Record Created | ||
20020110 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
Phase (Legacy) | ||
Modified (20061101) | ||
Votes (Legacy) | ||
ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese REVIEWING(1) Christey |
||
Comments (Legacy) | ||
Christey> This candidate is at a higher level of abstraction (more general) than most other candidates. CVE's content decisions suggest that we should provide different candidates for each implementation and type of bug that is affected by the PROTOS suite. However, as of this writing (Feb 12, 2002), there is insufficient information to assign the proper number of candidates. This high-level candidate will serve as a "catch-all," but we will be assigning lower-level (more specific) candidates when there is more information. Due to the size and extent of this problem, it is better to have a high-level candidate than no candidate at all. Christey> BID:4089 Christey> DEBIAN:DSA-111 MANDRAKE:MDKSA-2002:014 CHANGE> [Christey changed vote from NOOP to REVIEWING] Christey> CALDERA:CSSA-2002-004.0 Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon. Christey> COMPAQ:SSRT0799 CONECTIVA:CLA-2002:462 DEBIAN:DSA-111 HP:HPSBUX0202-184 URL:http://online.securityfocus.com/advisories/4032 CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products MANDRAKE:MDKSA-2002:014 FREEBSD:FreeBSD-SA-02:11 Christey> SUSE:SuSE-SA:2002:012 Should also mention ucd-snmp package by name. BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html HP:HPSBMP0206-015 URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html CALDERA:CSSA-2002-SCO.25 URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html CALDERA:CSSA-2002-004.1 URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1 BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html Christey> SUNALERT:57404 Christey> REDHAT:RHSA-2002:036 URL:http://www.redhat.com/support/errata/RHSA-2002-036.html |
||
Proposed (Legacy) | ||
20020315 | ||
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
You can also search by reference using the CVE Reference Maps.
|
||
For More Information: CVE Request Web Form (select "Other" from dropdown) |