The following information was passed to me requesting comments on how Netview handles these vulnerabilities. I would appreciate any comments and/or feedback regarding this.
Multiple vulnerabilities in SNMPv1 trap handling
Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, please read the following.
The Oulu University Secure Programming Group (OUSPG) has reported numerous vulnerabilities in multiple vendor SNMPv1 implementations. By applying the PROTOS c06-SNMPv1 test suite to a variety of popular SNMPv1-enabled products, the OUSPG revealed a number of vulnerabilities across a wide range of products. This vulnerability note focuses on vulnerabilities occurring in code responsible for SNMPv1 trap handling.
SNMPv1 supports five different types of messages: GetRequest, SetRequest, GetNextRequest, GetResponse, and Trap. A single SNMP message is referred to as a Protocol Data Unit (PDU). These messages are described using Abstract Syntax Notation One (ASN.1) and translated into binary format using Basic Encoding Rules (BER). SNMP trap messages are sent from agents to managers. Trap messages are unsolicited (the manager does not issue a request message) and may indicate a warning or error condition or otherwise notify the manager about the agent's state. SNMP managers should reliably decode trap messages and process the resulting application data. OUSPG performed two sets of tests of SNMP trap message handling: one test focused on ASN.1 decoding, the second looked for exceptions in the processing of the decoded data.
The results yielded multiple vulnerabilities in both the ASN.1 decoding and the subsequent processing of SNMP trap messages by many different SNMP managers. Vulnerabilities include denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the request message to use the correct SNMP community string.
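
As an added illustration (not code from the advisory, OUSPG, or any vendor's trap receiver), the sketch below shows the kind of strict BER length checking a manager needs before it touches the contents of an SNMPv1 trap. The function names, the MAX_COMMUNITY limit and the sample packets are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_COMMUNITY 64  /* assumed local limit, not taken from the advisory */

/* Read one BER tag/length header at *off; on success *off points at the value.
 * Returns 0, or -1 if the header or the value would run past the datagram. */
static int ber_header(const uint8_t *b, size_t n, size_t *off, uint8_t *tag, size_t *vlen) {
    size_t p = *off, l;
    if (p > n || n - p < 2) return -1;
    *tag = b[p++];
    l = b[p++];
    if (l & 0x80) {                        /* long form: low 7 bits = octet count */
        size_t k = l & 0x7f;
        if (k == 0 || k > 2 || n - p < k) return -1;  /* no indefinite or oversized lengths */
        for (l = 0; k > 0; k--) l = (l << 8) | b[p++];
    }
    if (l > n - p) return -1;              /* declared length must fit what was received */
    *off = p; *vlen = l;
    return 0;
}

/* Validate the SNMPv1 message wrapper of a trap and copy the community string
 * into out as data (never use it as a format string). Returns 0 if well-formed,
 * otherwise a negative code naming the first failed field. */
int snmp_trap_header_check(const uint8_t *pkt, size_t n, char out[MAX_COMMUNITY + 1]) {
    size_t off = 0, len; uint8_t tag;
    if (ber_header(pkt, n, &off, &tag, &len) || tag != 0x30 || off + len != n) return -1;
    if (ber_header(pkt, n, &off, &tag, &len) || tag != 0x02 || len != 1 || pkt[off] != 0) return -2;
    off += len;                            /* version INTEGER 0 = SNMPv1 */
    if (ber_header(pkt, n, &off, &tag, &len) || tag != 0x04 || len > MAX_COMMUNITY) return -3;
    memcpy(out, pkt + off, len); out[len] = '\0';
    off += len;                            /* 0xA4 = SNMPv1 Trap-PDU */
    if (ber_header(pkt, n, &off, &tag, &len) || tag != 0xA4 || off + len != n) return -4;
    return 0;
}

/* Constructed samples, not captured traffic. */
static const uint8_t GOOD_TRAP[] = {
    0x30,0x23, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xA4,0x16, 0x06,0x03,0x2B,0x06,0x01, 0x40,0x04,0xC0,0x00,0x02,0x01,
    0x02,0x01,0x00, 0x02,0x01,0x00, 0x43,0x01,0x00, 0x30,0x00 };
static const uint8_t BAD_OUTER_LEN[] = { 0x30,0x84,0xFF,0xFF,0xFF,0xFF, 0x02,0x01,0x00 };
static const uint8_t BAD_COMMUNITY[] = { 0x30,0x07, 0x02,0x01,0x00, 0x04,0x7F,'A','A' };
```

The check covers only the message wrapper; the fields inside the Trap-PDU (enterprise OID, agent address, trap codes, timestamp, variable bindings) need the same bounds-checked treatment before they are processed.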