• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
|Vulnerabilities in the SNMPv1 request handling of a large number of
SNMP implementations allow remote attackers to cause a denial of
service or gain privileges via (1) GetRequest, (2) GetNextRequest, and
(3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test
suite. NOTE: It is highly likely that this candidate will be SPLIT
into multiple candidates, one or more for each vendor. This and other
SNMP-related candidates will be updated when more accurate information
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
|Date Entry Created
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
| ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese
Christey> This candidate is at a higher level of abstraction (more
general) than most other candidates. CVE's content
decisions suggest that we should provide different candidates
for each implementation and type of bug that is affected by
the PROTOS suite.
However, as of this writing (Feb 12, 2002), there is
insufficient information to assign the proper number of
candidates. This high-level candidate will serve as a
"catch-all," but we will be assigning lower-level (more
specific) candidates when there is more information.
Due to the size and extent of this problem, it is better to
have a high-level candidate than no candidate at all.
CHANGE> [Christey changed vote from NOOP to REVIEWING]
Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon.
CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities
CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
Should also mention ucd-snmp package by name.
BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities
BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities
This is an entry on the CVE
list, which standardizes names for security
For More Information: firstname.lastname@example.org