[NEWS] Novell SNMPv1 Trap and Request Handling Vulnerabilities

From: support@securiteam.com
Date: 08/28/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 28 Aug 2002 19:53:27 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Novell SNMPv1 Trap and Request Handling Vulnerabilities
------------------------------------------------------------------------

SUMMARY

This patch addresses the SNMP Vulnerability issues listed in the Issues
Section of this readme. The files SNMPLOG.NLM & SNMPLOG.MSG are the same
as the ones we ship with NW5.1 SP4 and NW6 SP1. However, the files
SNMP.NLM & SNMP.MSG are newer in this TID than the files shipping in NW5.1
SP4 and NW 6 SP1. Hence if the support pack is already applied then only
SNMP.NLM & SNMP.MSG has to be replaced else all the the four files have to
be replaced.

These modules will not be in a NetWare 4.x Support Pack. This was tested
on 4.11, 4.2, 5.0, 5.1, and 6.0 only.

DETAILS

Vulnerable systems:
 * Netware version 4.11
 * Netware version 4.2
 * Netware version 5.0
 * Netware version 5.1
 * Netware version 6.0

Installation Instructions:
Replace the files on your server with the ones in this patch in the
appropriate directories. The NLMs should go to sys:\system folder and msg
files should go to sys:\system\nls\4 folder.

After you replace them, you need to unload and reload SNMP and the best
way to do that is to reboot the server.

Issue:
This patch addresses the following issues:
VU#107186 - Multiple vulnerabilities in SNMPv1 trap handling
SNMP trap messages are sent from agents to managers. A trap message may
indicate a warning or error condition or otherwise notify the manager
about the agent's state. SNMP managers must properly decode trap messages
and process the resulting data. In testing, OUSPG found multiple
vulnerabilities in the way many SNMP managers decode and process SNMP trap
messages.

VU#854306 - Multiple vulnerabilities in SNMPv1 request handling
SNMP request messages are sent from managers to agents. Request messages
might be issued to obtain information from an agent or to instruct the
agent to configure the host device. SNMP agents must properly decode
request messages and process the resulting data. In testing, OUSPG found
multiple vulnerabilities in the way many SNMP agents decode and process
SNMP request messages.

ADDITIONAL INFORMATION

The information has been provided by <mailto:ereed@novell.com> Ed Reed.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages