[Snort-sigs] More info on snmp vulnerabilities

Noller, Gregory Noller2G at ...256...
Tue Feb 12 12:48:07 EST 2002


http://www.cert.org/advisories/CA-2002-03.html



VU#107186 - Multiple vulnerabilities in SNMPv1 trap handling 


SNMP trap messages are sent from agents to managers. A trap message may
indicate a warning or error condition or otherwise notify the manager about
the agent's state. SNMP managers must properly decode trap messages and
process the resulting data. In testing, OUSPG found multiple vulnerabilities
in the way many SNMP managers decode and process SNMP trap messages. 

VU#854306 - Multiple vulnerabilities in SNMPv1 request handling 


SNMP request messages are sent from managers to agents. Request messages
might be issued to obtain information from an agent or to instruct the agent
to configure the host device. SNMP agents must properly decode request
messages and process the resulting data. In testing, OUSPG found multiple
vulnerabilities in the way many SNMP agents decode and process SNMP request
messages. 



Greg





More information about the Snort-sigs mailing list