CVE
- Id
- 4406
- CVE No.
- CVE-2002-0012
- Status
- Candidate
- Description
- Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
- Phase
- Modified (20061101)
- Votes
- ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese | REVIEWING(1) Christey
- Comments
- Christey> This candidate is at a higher level of abstraction (more | general) than most other candidates. CVE"s content | decisions suggest that we should provide different candidates | for each implementation and type of bug that is affected by | the PROTOS suite. | | However, as of this writing (Feb 12, 2002), there is | insufficient information to assign the proper number of | candidates. This high-level candidate will serve as a | "catch-all," but we will be assigning lower-level (more | specific) candidates when there is more information. | | Due to the size and extent of this problem, it is better to | have a high-level candidate than no candidate at all. | Ziese> ACKNOWLEDGED-BY-VENDOR | Christey> DEBIAN:DSA-111 | MANDRAKE:MDKSA-2002:014 | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> CALDERA:CSSA-2002-004.0 | Christey> Consider adding BID:4088 | Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon. | Christey> COMPAQ:SSRT0799 | CONECTIVA:CLA-2002:462 | BID:4088 | DEBIAN:DSA-111 | HP:HPSBUX0202-184 | URL:http://online.securityfocus.com/advisories/4032 | CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities | CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products | MANDRAKE:MDKSA-2002:014 | FREEBSD:FreeBSD-SA-02:11 | Christey> SUSE:SuSE-SA:2002:012 | | Should also mention ucd-snmp package by name. | BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html | HP:HPSBMP0206-015 | URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html | CALDERA:CSSA-2002-SCO.25 | URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html | CALDERA:CSSA-2002-004.1 | URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1 | BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html | Christey> REDHAT:RHSA-2002:036 | URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
