{"vuid":"VU#854306","idnumber":"854306","name":"Multiple vulnerabilities in SNMPv1 request handling","keywords":["SNMP agent","SNMP service","DoS","denial of service","buffer overflow","SNMPv1","GetRequest","PDU","VU#617947","OUSPG#0100"],"overview":"Multiple vendor SNMPv1 GetRequest, GetNextRequest, and SetRequest message handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the we encourage you to read the information provided below.","clean_desc":"","impact":"These vulnerabilities may cause denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain access to the affected device. Specific impacts will vary from product to product.","resolution":"Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Care should therefore be taken to ensure that any changes made based on the following recommendations will not negatively impact your ongoing network operations capability. Contact your vendor for patches.","workarounds":"Please see the Solution section of CA-2002-03 for additional countermeasures.","sysaffected":"","thanks":"","author":"This document was written by Ian A. Finlay.","public":["http://www.ee.oulu.fi/research/ouspg/protos/","http://www.cert.org/tech_tips/denial_of_service.html","http://www.ietf.org/rfc/rfc3000.txt","http://www.ietf.org/rfc/rfc1212.txt","http://www.ietf.org/rfc/rfc1213.txt","http://www.ietf.org/rfc/rfc1215.txt","http://www.ietf.org/rfc/rfc1270.txt","http://www.ietf.org/rfc/rfc2570.txt","http://www.ietf.org/rfc/rfc2571.txt","http://www.ietf.org/rfc/rfc2572.txt","http://www.ietf.org/rfc/rfc2573.txt","http://www.ietf.org/rfc/rfc2574.txt","http://www.ietf.org/rfc/rfc2575.txt","http://www.ietf.org/rfc/rfc2576.txt","http://www.securityfocus.com/bid/4089","http://online.securityfocus.com/bid/4132","http://online.securityfocus.com/bid/4732"],"cveids":["CVE-2002-0013"],"certadvisory":"CA-2002-03","uscerttechnicalalert":null,"datecreated":"2001-10-25T14:15:20Z","publicdate":"2002-02-12T00:00:00Z","datefirstpublished":"2002-02-12T18:40:50Z","dateupdated":"2007-11-07T18:31:47Z","revision":154,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"20","cam_impact":"19","cam_easeofexploitation":"15","cam_attackeraccessrequired":"19","cam_scorecurrent":"42.643125","cam_scorecurrentwidelyknown":"81.225","cam_scorecurrentwidelyknownexploited":"121.8375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":42.643125,"vulnote":null}