Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
| Link | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2001-163.html | vendor advisory |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1 | patch vendor advisory |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006 | vendor advisory |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A87 | vdb entry signature |
| ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A | patch vendor advisory |
| http://www.cert.org/advisories/CA-2002-03.html | third party advisory us government resource |
| http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298 | vdb entry signature |
| http://www.kb.cert.org/vuls/id/854306 | third party advisory us government resource |
| http://www.iss.net/security_center/alerts/advise110.php | third party advisory vendor advisory |