Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-1999-1570
Vulnerability from cvelistv5
Published
2002-08-31 04:00
Modified
2024-08-01 17:18
Severity ?
EPSS score ?
Summary
Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T17:18:07.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "19990909 19 SCO 5.0.5+Skunware98 buffer overflows", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/27074", }, { name: "CSSA-2002-SCO.17", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt", }, { name: "4089", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4089", }, { name: "openserver-sar-bo(8989)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/8989.php", }, { name: "20020509 Sar -o exploitation process info.", tags: [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred", ], url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "1999-09-09T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "19990909 19 SCO 5.0.5+Skunware98 buffer overflows", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/27074", }, { name: "CSSA-2002-SCO.17", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt", }, { name: "4089", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4089", }, { name: "openserver-sar-bo(8989)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/8989.php", }, { name: "20020509 Sar -o exploitation process info.", tags: [ "mailing-list", "x_refsource_VULN-DEV", ], url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-1999-1570", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "19990909 19 SCO 5.0.5+Skunware98 buffer overflows", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/27074", }, { name: "CSSA-2002-SCO.17", refsource: "CALDERA", url: "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt", }, { name: "4089", refsource: "BID", url: "http://www.securityfocus.com/bid/4089", }, { name: "openserver-sar-bo(8989)", refsource: "XF", url: "http://www.iss.net/security_center/static/8989.php", }, { name: "20020509 Sar -o exploitation process info.", refsource: "VULN-DEV", url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-1999-1570", datePublished: "2002-08-31T04:00:00", dateReserved: "2002-06-11T00:00:00", dateUpdated: "2024-08-01T17:18:07.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-1999-1570\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-05-01T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:caldera:openserver:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63D4FCE-5416-4DE2-8E9A-5BF057673118\"}]}]}],\"references\":[{\"url\":\"ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=vuln-dev&m=102098949103708&w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://online.securityfocus.com/archive/1/27074\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.iss.net/security_center/static/8989.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/4089\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=vuln-dev&m=102098949103708&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://online.securityfocus.com/archive/1/27074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.iss.net/security_center/static/8989.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/4089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}", }, }
fkie_cve-1999-1570
Vulnerability from fkie_nvd
Published
2002-05-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openserver | 5.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openserver:5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C63D4FCE-5416-4DE2-8E9A-5BF057673118", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", }, ], id: "CVE-1999-1570", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-05-01T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt", }, { source: "cve@mitre.org", url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/archive/1/27074", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/8989.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/archive/1/27074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/8989.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4089", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-200205-0149
Vulnerability from variot
Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. The resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. SNMP requests are messages sent from manager to agent systems. They typically poll the agent for current performance or configuration information, ask for the next SNMP object in a Management Information Base (MIB), or modify the configuration settings of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. It is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
Original release date: February 12, 2002 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
Products from a very wide variety of vendors may be affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from http://www.kb.cert.org/vuls/id/854306 http://www.kb.cert.org/vuls/id/107186
Many other systems making use of SNMP may also be vulnerable but were not specifically tested.
In addition to this advisory, we also have an FAQ available at http://www.cert.org/tech_tips/snmp_faq.html
I. Description
The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous vulnerabilities in SNMPv1 implementations from many different vendors. More information about SNMP and OUSPG can be found in Appendix C
OUSPG's research focused on the manner in which SNMPv1 agents and managers handle request and trap messages. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device.
Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.
These vulnerabilities have been assigned the CVE identifiers CAN-2002-0012 and CAN-2002-0013, respectively.
II.
III. Solution
Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this advisory. Please consult this appendix to determine if you need to contact your vendor directly.
Disable the SNMP service
As a general rule, the CERT/CC recommends disabling any service or capability that is not explicitly required, including SNMP. Unfortunately, some of the affected products exhibited unexpected behavior or denial of service conditions when exposed to the OUSPG test suite even if SNMP was not enabled. In these cases, disabling SNMP should be used in conjunction with the filtering practices listed below to provide additional protection.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SNMP services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a network under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the network usage policy of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. For SNMP, ingress filtering of the following ports can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services.
snmp 161/udp # Simple Network Management Protocol (SNMP) snmp 162/udp # SNMP system management messages
The following services are less common, but may be used on some affected products
snmp 161/tcp # Simple Network Management Protocol (SNMP) snmp 162/tcp # SNMP system management messages smux 199/tcp # SNMP Unix Multiplexer smux 199/udp # SNMP Unix Multiplexer synoptics-relay 391/tcp # SynOptics SNMP Relay Port synoptics-relay 391/udp # SynOptics SNMP Relay Port agentx 705/tcp # AgentX snmp-tcp-port 1993/tcp # cisco SNMP TCP port snmp-tcp-port 1993/udp # cisco SNMP TCP port
As noted above, you should carefully consider the impact of blocking services that you may be using.
It is important to note that in many SNMP implementations, the SNMP daemon may bind to all IP interfaces on the device. This has important consequences when considering appropriate packet filtering measures required to protect an SNMP-enabled device. For example, even if a device disallows SNMP packets directed to the IP addresses of its normal network interfaces, it may still be possible to exploit these vulnerabilities on that device through the use of packets directed at the following IP addresses: * "all-ones" broadcast address * subnet broadcast address * any internal loopback addresses (commonly used in routers for management purposes, not to be confused with the IP stack loopback address 127.0.0.1)
Careful consideration should be given to addresses of the types mentioned above by sites planning for packet filtering as part of their mitigation strategy for these vulnerabilities.
Finally, sites may wish to block access to the following RPC services related to SNMP (listed as name, program ID, alternate names)
snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk snmpv2 100138 na.snmpv2 # SNM Version 2.2.2 snmpXdmid 100249
Please note that this workaround may not protect vulnerable devices from internal attacks.
Filter SNMP traffic from non-authorized internal hosts
In many networks, only a limited number of network management systems need to originate SNMP request messages. This can reduce, but not wholly eliminate, the risk from internal attacks. However, it may have detrimental effects on network performance due to the increased load imposed by the filtering, so careful consideration is required before implementation. Similar caveats to the previous workaround regarding broadcast and loopback addresses apply.
Change default community strings
Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. As with any known default access control mechanism, the CERT/CC recommends that network administrators change these community strings to something of their own choosing. However, even when community strings are changed from their defaults, they will still be passed in plaintext and are therefore subject to packet sniffing attacks. SNMPv3 offers additional capabilities to ensure authentication and privacy as described in RFC2574.
Because many of the vulnerabilities identified in this advisory occur before the community strings are evaluated, it is important to note that performing this step alone is not sufficient to mitigate the impact of these vulnerabilities. Nonetheless, it should be performed as part of good security practice.
Segregate SNMP traffic onto a separate management network
In situations where blocking or disabling SNMP is not possible, exposure to these vulnerabilities may be limited by restricting all SNMP access to separate, isolated management networks that are not publicly accessible. Although this would ideally involve physically separate networks, that kind of separation is probably not feasible in most environments. Mechanisms such as virtual LANs (VLANs) may be used to help segregate traffic on the same physical network. Note that VLANs may not strictly prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.
Another option is for sites to restrict SNMP traffic to separate virtual private networks (VPNs), which employ cryptographically strong authentication.
Note that these solutions may require extensive changes to a site's network architecture.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network under your administrative control. There is typically limited need for machines providing public services to initiate outbound traffic to the Internet. In the case of SNMP vulnerabilities, employing egress filtering on the ports listed above at your network border can prevent your network from being used as a source for attacks on other sites.
Disable stack execution
Disabling executable stacks (on systems where this is configurable) can reduce the risk of "stack smashing" attacks based on these vulnerabilities. Although this does not provide 100 percent protection against exploitation of these vulnerabilities, it makes the likelihood of a successful exploit much smaller. On many UNIX systems, executable stacks can be disabled by adding the following lines to /etc/system:
set noexec_user_stack = 1 set noexec_user_stack_log = 1
Note that this may go against the SPARC and Intel ABIs and can be bypassed as required in programs with mprotect(2). For the changes to take effect you will then need to reboot.
Other operating systems and architectures also support the disabling of executable stacks either through native configuration parameters or via third-party software. Consult your vendor(s) for additional information.
Share tools and techniques
Because dealing with these vulnerabilities to systems and networks is so complex, the CERT/CC will provide a forum where administrators can share ideas and techniques that can be used to develop proper defenses. We have created an unmoderated mailing list for system and network administrators to discuss helpful techniques and tools.
You can subscribe to the mailing list by sending an email message to majordomo@cert.org. In the body of the message, type
subscribe snmp-forum
After you receive the confirmation message, follow the instructions in the message to complete the subscription process.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
AdventNet
This is in reference to your notification regarding [VU#107186 and
VU#854306] and OUSPG#0100. AdventNet Inc. has reproduced this
behavior in their products and coded a Service Pack fix which is
currently in regression testing in AdventNet Inc.'s Q.A.
organization. The release of AdventNet Inc's. Service Pack
correcting the behavior outlined in VU#617947, and OUSPG#0100 is
scheduled to be generally available to all of AdventNet Inc.'s
customers by February 20, 2002.
Avaya
Avaya Inc. No further information is available at this time.
CacheFlow
The purpose of this email is to advise you that CacheFlow Inc. has
provided a software update. Please be advised that updated versions
of the software are now available for all supported CacheFlow
hardware platforms, and may be obtained by CacheFlow customers at
the following URL:
http://download.cacheflow.com/
The specific reference to the software update is contained within the Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15 Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149.
RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS: * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm
RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS: * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm
* SR 1-1647517, VI 13045: This update modified a potential
vulnerability by using an SNMP test tools exploit.
3Com Corporation
A vulnerability to an SNMP packet with an invalid length community
string has been resolved in the following products. Customers
concerned about this weakness should ensure that they upgrade to
the following agent versions:
PS Hub 40
2.16 is due Feb 2002
PS Hub 50
2.16 is due Feb 2002
Dual Speed Hub
2.16 is due Jan 2002
Switch 1100/3300
2.68 is available now
Switch 4400
2.02 is available now
Switch 4900
2.04 is available now
WebCache1000/3000
2.00 is due Jan 2002
Caldera
Caldera International, Inc. has reproduced faulty behavior in
Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX
8. We have coded a software fix for supported versions of Caldera
UnixWare 7 and Caldera Open UNIX 8 that will be available from
our support site at http://stage.caldera.com/support/security
immediately following the publication of this CERT announcement. A
fix for supported versions of OpenServer 5 will be available at a
later date.
Cisco Systems
Cisco Systems is addressing the vulnerabilities identified by
VU#854306 and VU#107186 across its entire product line. Cisco will
publish a security advisory with further details at
http://www.cisco.com/go/psirt/.
Compaq Computer Corporation
x-ref: SSRT0779U SNMP
At the time of writing this document, COMPAQ continues to evaluate
this potential problem and when new versions of SNMP are available,
COMPAQ will implement solutions based on the new code. Compaq will
provide notice of any new patches as a result of that effort
through standard patch notification procedures and be available
from your normal Compaq Services support channel.
Computer Associates
Computer Associates has confirmed Unicenter vulnerability to the
SNMP advisory identified by CERT notification reference [VU#107186
& VU#854306] and OUSPG#0100. We have produced corrective
maintenance to address these vulnerabilities, which is in the
process of publication for all applicable releases / platforms and
will be offered through the CA Support site. Please contact our
Technical Support organization for information regarding
availability / applicability for your specific configuration(s).
COMTEK Services, Inc.
NMServer for AS/400 is not an SNMP master and is therefore not
vulnerable. However this product requires the use of the AS/400
SNMP master agent supplied by IBM.
NMServer for OpenVMS has been tested and has shown to be
vulnerable. COMTEK Services is preparing a new release of this
product (version 3.5) which will contain a fix for this problem.
This new release is scheduled to be available in February 2002.
Contact COMTEK Services for further information.
NMServer for VOS has not as yet been tested; vulnerability of this
agent is unknown. Contact for further information on the testing
schedule of the VOS product.
Covalent Technologies
Covalent Technologies ERS (Enterprise Ready Server), Secure Server,
and Conductor SNMP module are not vulnerable according to testing
performed in accordance with CERT recommendations. Security
information for Covalent products can be found at www.covalent.net
Dartware, LLC
Dartware, LLC (www.dartware.com) supplies two products that use
SNMPv1 in a manager role, InterMapper and SNMP Watcher. This statement applies to all present
and past versions of these two software packages.
DMH Software
DMH Software is in the process of evaluating and attempting to
reproduce this behavior.
It is unclear at this point if our snmp-agent is sensitive to the
tests described above.
If any problems will be discovered, DMH Software will code a
software fix.
The release of DMH Software OS correcting the behavior outlined in
VU#854306, VU#107186, and OUSPG#0100 will be generally available to
all of DMH Software's customers as soon as possible.
EnGarde Secure Linux
EnGarde Secure Linux did not ship any SNMP packages in version
1.0.1 of our distribution, so we are not vulnerable to either bug.
FreeBSD
FreeBSD does not include any SNMP software by default, and so is
not vulnerable. However, the FreeBSD Ports Collection contains the
UCD-SNMP / NET-SNMP package. Package versions prior to
ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release
will ship the corrected version of the UCD-SNMP / NET-SNMP
package. In addition, the corrected version of the packages is
available from the FreeBSD mirrors.
FreeBSD has issued the following FreeBSD Security Advisory
regarding the UCD-SNMP / NET-SNMP package:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.
snmp.asc.
Hewlett-Packard Company
SUMMARY - known vulnerable:
========================================
hp procurve switch 2524
NNM (Network Node Manager)
JetDirect Firmware (Older versions only)
HP-UX Systems running snmpd or OPENVIEW
MC/ServiceGuard
EMS
Still under investigation:
SNMP/iX (MPE/iX)
========================================
_________________________________________________________
---------------------------------------------------------
hp procurve switch 2524
---------------------------------------------------------
hp procurve switch 2525 (product J4813A) is vulnerable to some
issues, patches in process. Watch for the associated HP
Security Bulletin.
---------------------------------------------------------
NNM (Network Node Manager)
---------------------------------------------------------
Some problems were found in NNM product were related to
trap handling. Patches in process. Watch for the
associated HP Security Bulletin.
---------------------------------------------------------
JetDirect Firmware (Older versions only)
---------------------------------------------------------
ONLY some older versions of JetDirect Firmware are
vulnerable to some of the issues. The older firmware
can be upgraded in most cases, see list below.
JetDirect Firmware Version State
========================== =====
X.08.32 and higher NOT Vulnerable
X.21.00 and higher NOT Vulnerable
JetDirect Product Numbers that can be freely
upgraded to X.08.32 or X.21.00 or higher firmware.
EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
J3110A 10T
J3111A 10T/10B2/LocalTalk
J3112A Token Ring (discontinued)
J3113A 10/100 (discontinued)
J4169A 10/100
J4167A Token Ring
MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
J2550A/B 10T (discontinued)
J2552A/B 10T/10Base2/LocalTalk (discontinued)
J2555A/B Token Ring (discontinued)
J4100A 10/100
J4105A Token Ring
J4106A 10T
External Print Servers
J2591A EX+ (discontinued)
J2593A EX+3 10T/10B2 (discontinued)
J2594A EX+3 Token Ring (discontinued)
J3263A 300X 10/100
J3264A 500X Token Ring
J3265A 500X 10/100
----------------------------------------------------------
HP-UX Systems running snmpd or OPENVIEW
----------------------------------------------------------
The following patches are available now:
PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch
PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated
Patch
All three patches are available from:
http://support.openview.hp.com/cpe/patches/
In addition PHSS_26137 and PHSS_26138 will soon be available from:
http://itrc.hp.com
================================================================
NOTE: The patches are labeled OV(Open View). However, the patches
are also applicable to systems that are not running Open View.
=================================================================
Any HP-UX 10.X or 11.X system running snmpd or snmpdm is
vulnerable.
To determine if your HP-UX system has snmpd or snmpdm installed:
swlist -l file | grep snmpd
If a patch is not available for your platform or you cannot install
an available patch, snmpd and snmpdm can be disabled by removing
their
entries from /etc/services and removing the execute permissions
from
/usr/sbin/snmpd and /usr/sbin/snmpdm.
----------------------------------------------------------------
Investigation completed, systems vulnerable.
----------------------------------------------------------------
MC/ServiceGuard
Event Monitoring System (EMS)
----------------------------------------------------------------
Still under investigation:
----------------------------------------------------------------
SNMP/iX (MPE/iX)
Hirschmann Electronics GmbH & Co. KG
Hirschmann Electronics GmbH & Co. KG supplies a broad range of
networking products, some of which are affected by the SNMP
vulnerabilities identified by CERT Coordination Center. Hirschmann customers may contact our Competence
Center (phone +49-7127-14-1538, email:
ans-support@nt.hirschmann.de) for additional information,
especially regarding availability of latest firmware releases
addressing the SNMP vulnerabilities.
IBM Corporation
Based upon the results of running the test suites we have
determined that our version of SNMP shipped with AIX is NOT
vulnerable.
Innerdive Solutions, LLC
Innerdive Solutions, LLC has two SNMP based products:
1. The "SNMP MIB Scout"
(http://www.innerdive.com/products/mibscout/)
2. The "Router IP Console" (http://www.innerdive.com/products/ric/)
The "SNMP MIB Scout" is not vulnerable to either bug.
The "Router IP Console" releases prior to 3.3.0.407 are vulnerable.
The release of "Router IP Console" correcting the behavior outlined
in OUSPG#0100 is 3.3.0.407 and is already available on our site.
Also, we will notify all our customers about this new release no
later than March 5, 2002.
Juniper Networks
This is in reference to your notification regarding CAN-2002-0012
and CAN-2002-0013. Juniper Networks has reproduced this behavior
and coded a software fix. The fix will be included in all releases
of JUNOS Internet software built after January 5, 2002. Customers
with current support contracts can download new software with the
fix from Juniper's web site at www.juniper.net.
Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can
only be reproduced in JUNOS Internet software if certain tracing
options are enabled. These options are generally not enabled in
production routers.
Lantronix, Inc.
Lantronix is committed to resolving security issues with our
products. The SNMP security bug you reported has been fixed in LRS
firmware version B1.3/611(020123).
Lotus Development Corporation
Lotus Software evaluated the Lotus Domino Server for
vulnerabilities using the test suite materials provided by OUSPG.
This problem does not affect default installations of the Domino
Server. However, SNMP agents can be installed from the CD to
provide SNMP services for the Domino Server (these are located in
the /apps/sysmgmt/agents directory). The optional platform
specific master and encapsulator agents included with the Lotus
Domino SNMP Agents for HP-UX and Solaris have been found to be
vulnerable. For those platforms, customers should upgrade to
version R5.0.1 a of the Lotus Domino SNMP Agents, available for
download from the Lotus Knowledge Base on the IBM Support Web Site
(http://www.ibm.com/software/lotus/support/). Please refer to
Document #191059, "Lotus Domino SNMP Agents R5.0.1a", also in the
Lotus Knowledge Base, for more details.
LOGEC Systems Inc
The products from LOGEC Systems are exposed to SNMP only via HP
OpenView. We do not have an implementation of SNMP ourselves. As
such, there is nothing in our products that would be an issue with
this alert.
Lucent
Lucent is aware of reports that there is a vulnerability in certain
implementations of the SNMP (Simple Network Management Protocol)
code that is used in data switches and other hardware throughout
the telecom industry.
As soon as we were notified by CERT, we began assessing our product
portfolio and notifying customers with products that might be
affected.
Our 5ESS switch and most of our optical portfolio were not
affected. Our core and edge ATM switches and most of our edge
access products are affected, but we have developed, tested, and
deployed fixes for many of those products to our customers.
We consider the security and reliability of our customers' networks
to be one of our critical measures of success. We take every
reasonable measure to ensure their satisfaction.
In addition, we are working with customers on ways to further
enhance the security they have in place today.
Marconi
Marconi supplies a broad range of telecommunications and related
products, some of which are affected by the SNMP vulnerabilities
identified here. Those
Marconi customers with support entitlement may contact the
appropriate Technical Assistance Center (TAC) for additional
information. Those not under support entitlement may contact their
sales representative.
Microsoft Corporation
The Microsoft Security Reponse [sic] Center has investigated this
issue, and provides the following information. The SNMP v1 service is not installed or running by
default on any version of Windows. A patch is underway to eliminate
the vulnerability. In the meantime, we recommend that affected
customers disable the SNMP v1 service.
Details:
An SNMP v1 service ships on the CDs for Windows 95, 98, and 98SE.
It is not installed or running by default on any of these
platforms. An SNMP v1 is NOT provided for Windows ME. However, it
is possible that Windows 98 machines which had the service
installed and were upgraded would still have the service. Since
SNMP is not supported for WinME, customers in this situation are
urged to remove the SNMP service.
An SNMP v1 service is available on Windows NT 4.0 (including
Terminal Server Edition) and Windows 2000 but is not installed or
running by default on any of these platforms.Windows XP does not
ship with an SNMP v1 service.
Remediation:
A patch is underway for the affected platforms, and will be
released shortly. In the meantime, Microsoft recommends that
customers who have the SNMP v1 service running disable it to
protect their systems. Following are instruction for doing this:
Windows 95, 98 and 98SE:
1. In Control Panel, double-click Network.
2. On the Configuration tab, select Microsoft SNMP Agent from the
list of installed components.
3. Click Remove
Check the following keys and confirm that snmp.exe is not listed.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunSer
vices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
For Windows XP:
1. Right-click on My Computer and select Manage
2. Click on Services and Applications, then on Services
3. Location SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close the Computer
Management window.
For Windows NT 4.0 (including Terminal Server Edition):
1. Select Start, then Settings.
2. Select Control Panel, then click on the Services Icon
3. Locate SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close Control Panel
Windows 2000:
1. Right-click on My Computer and select Manage
2. Click on Services and Applications, then on Services
3. Location SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close the Computer
Management window.
Multinet
MultiNet and TCPware customers should contact Process Software to
check for the availability of patches for this issue. A couple of
minor problems were found and fixed, but there is no security risk
related to the SNMP code included with either product.
Netaphor
NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP
Manager Toolkit and Cyberons for Java -- NMS Application Toolkit,
two Java based products that may be affected by the SNMP
vulnerabilities identified here. The manner in which they are
affected and the actions required (if any) to avoid being impacted
by exploitation of these vulnerabilities, may be obtained by
contacting Netaphor via email at info@netaphor.com Customers with
annual support may contact support@netaphor.com directly. Those not
under support entitlement may contact Netaphor sales:
sales@netaphor.com or (949) 470 7955 in USA.
NetBSD
NetBSD does not ship with any SNMP tools in our 'base' releases. We
do provide optional packages which provide various support for
SNMP. These packages are not installed by default, nor are they
currently provided as an install option by the operating system
installation tools. A system administrator/end-user has to manually
install this with our package management tools. These SNMP packages
include:
+ netsaint-plugin-snmp-1.2.8.4 (SNMP monitoring plug-in for
netsaint)
+ p5-Net-SNMP-3.60 (perl5 module for SNMP queries)
+ p5-SNMP-3.1.0 (Perl5 module for interfacing to the UCD SNMP
library
+ p5-SNMP_Session-0.83 (perl5 module providing rudimentary
access to remote SNMP agents)
+ ucd-snmp-4.2.1 (Extensible SNMP implementation) (conflicts
with ucd-snmp-4.1.2)
+ ucd-snmp-4.1.2 (Extensible SNMP implementation) (conflicts
with ucd-snmp-4.2.1)
We do provide a software monitoring mechanism called
'audit-packages', which allows us to highlight if a package with a
range of versions has a potential vulnerability, and recommends
that the end-user upgrade the packages in question.
Netscape Communications Corporation
Netscape continues to be committed to maintaining a high level of
quality in our software and service offerings. Part of this
commitment includes prompt response to security issues discovered
by organizations such as the CERT Coordination Center.
According to a recent CERT/CC advisory, The Oulu University Secure
Programming Group (OUSPG) has reported numerous vulnerabilities in
multiple vendor SNMPv1 implementations.
We have carefully examined the reported findings, performing the
tests suggested by the OUSPG to determine whether Netscape server
products were subject to these vulnerabilities. It was determined
that several products fell into this category. As a result, we have
created fixes which will resolve the issues, and these fixes will
appear in future releases of our product line. To Netscape's
knowledge, there are no known instances of these vulnerabilities
being exploited and no customers have been affected to date.
When such security warnings are issued, Netscape has committed to -
and will continue to commit to - resolving these issues in a prompt
and timely fashion, ensuring that our customers receive products of
the highest quality and security.
NET-SNMP
All ucd-snmp version prior to 4.2.2 are susceptible to this
vulnerability and users of versions prior to version 4.2.2 are
encouraged to upgrade their software as soon as possible
(http://www.net-snmp.org/download/). Version 4.2.2 and higher are
not susceptible.
Network Associates
PGP is not affected, impacted, or otherwise related to this VU#.
Network Computing Technologies
Network Computing Technologies has reviewed the information
regarding SNMP vulnerabilities and is currently investigating the
impact to our products.
Nokia
This vulnerability is known to affect IPSO versions 3.1.3, 3.3,
3.3.1, 3.4, and 3.4.1. Patches are currently available for
versions 3.3, 3.3.1, 3.4 and 3.4.1 for download from the Nokia
website. In addition, version 3.4.2 shipped with the patch
incorporated, and the necessary fix will be included in all future
releases of IPSO.
We recommend customers install the patch immediately or follow the
recommended precautions below to avoid any potential exploit.
If you are not using SNMP services, including Traps, simply disable
the SNMP daemon to completely eliminate the potential
vulnerability.
If you are using only SNMP Traps and running Check Point
FireWall-1, create a firewall policy to disallow incoming SNMP
messages on all appropriate interfaces. Traps will continue to work
normally.
Nortel Networks
The CERT Coordination Center has issued a broad based alert to the
technology industry, including Nortel Networks, regarding potential
security vulnerabilities identified in the Simple Network
Management Protocol (SNMP), a common networking standard. The
company is working with CERT and other network equipment
manufacturers, the U.S. Government, service providers, and software
suppliers to assess and address this issue.
Novell
Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x
and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on
NetWare are fixed and will be available through NetWare 6 Support
Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at
http://support.novell.com/tools/csp/
OpenBSD
OpenBSD does not ship SNMP code.
Qualcomm
WorldMail does not support SNMP by default, so customers who run
unmodified installations are not vulnerable.
Redback Networks, Inc.
Redback Networks, Inc. has identified that the vulnerability in
question affects certain versions of AOS software on the SMS 500,
SMS 1800, and SMS 10000 platforms, and is taking the appropriate
steps necessary to correct the issue.
Red Hat
RedHat has released a security advisiory [sic] at
http://www.redhat.com/support/errata/RHSA-2001-163.html
with updated versions of the ucd-snmp package for all supported
releases and architectures. For more information or to download the
update please visit this page.
SGI
SGI acknowledges the SNMP vulnerabilities reported by CERT and is
currently investigating. No further information is available at
this time.
For the protection of all our customers, SGI does not disclose,
discuss or confirm vulnerabilities until a full investigation has
occurred and any necessary patch(es) or release streams are
available for all vulnerable and supported IRIX operating systems.
Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable
and take appropriate steps according to local site security
policies and requirements. As further information becomes
available, additional advisories will be issued via the normal SGI
security information distribution methods including the wiretap
mailing list on http://www.sgi.com/support/security/.
SNMP Research International
SNMP Research has made the following vendor statement. They are
likely to revise and expand the statement as the date for the
public vulnerability announcement draws nearer. Users maintaining
earlier releases should update to the current release if they have
not already done so. Up-to-date information is available from
support@snmp.com. Other Stonesoft's products are
still under investigation. As further information becomes
available, additional advisories will be available at
http://www.stonesoft.com/support/techcenter/
Sun Microsystems, Inc.
Sun's SNMP product, Solstice Enterprise Agents (SEA), described
here:
http://www.sun.com/solstice/products/ent.agents/
is affected by VU#854306 but not VU#107186. More specifically the
main agent of SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8.
Sun is currently generating patches for this issue and will be
releasing a Sun Security Bulletin once the patches are available.
The bulletin will be available from:
http://sunsolve.sun.com/security. Sun patches are available from:
http://sunsolve.sun.com/securitypatch.
Symantec Corporation
Symantec Corporation has investigated the SNMP issues identified by
the OUSPG test suite and determined that Symantec products are not
susceptable [sic] to these issues.
TANDBERG
Tandberg have run all the testcases found the PROTOS test-suie
[sic], c06snmpv1:
1. c06-snmpv1-trap-enc-pr1.jar
2. c06-snmpv1-treq-app-pr1.jar
3. c06-snmpv1-trap-enc-pr1.jar
4. c06-snmpv1-req-app-pr1.jar
The tests were run with standard delay time between the requests
(100ms), but also with a delay of 1ms. The tests applies to all
TANDBERG products (T500, T880, T1000, T2500, T6000 and T8000). The
software tested on these products were B4.0 (our latest software)
and no problems were found when running the test suite.
Appendix B. - References 1. http://www.ee.oulu.fi/research/ouspg/protos/ 2. http://www.kb.cert.org/vuls/id/854306 3. http://www.kb.cert.org/vuls/id/107186 4. http://www.cert.org/tech_tips/denial_of_service.html 5. http://www.ietf.org/rfc/rfc1067.txt 6. http://www.ietf.org/rfc/rfc1089.txt 7. http://www.ietf.org/rfc/rfc1140.txt 8. http://www.ietf.org/rfc/rfc1155.txt 9. http://www.ietf.org/rfc/rfc1156.txt 10. http://www.ietf.org/rfc/rfc1215.txt 11. http://www.ietf.org/rfc/rfc1270.txt 12. http://www.ietf.org/rfc/rfc1352.txt
Appendix C. - Background Information
Background Information on the OUSPG
OUSPG is an academic research group located at Oulu University in
Finland. The purpose of this research group is to test software
for vulnerabilities.
History has shown that the techniques used by the OUSPG have
discovered a large number of previously undetected problems in the
products and protocols they have tested. In 2001, the OUSPG
produced a comprehensive test suite for evaluating implementations
of the Lightweight Directory Access Protocol (LDAP). This test
suite was developed with the strategy of abusing the protocol in
unsupported and unexpected ways, and it was very effective in
uncovering a wide variety of vulnerabilities across several
products. This approach can reveal vulnerabilities that would not
manifest themselves under normal conditions.
After completing its work on LDAP, OUSPG moved its focus to
SNMPv1. As with LDAP, they designed a custom test suite, began
testing a selection of products, and found a number of
vulnerabilities. Because OUSPG's work on LDAP was similar in
procedure to its current work on SNMP, you may wish to review the
LDAP Test Suite and CERT Advisory CA-2001-18, which outlined
results of application of the test suite.
In order to test the security of protocols like SNMPv1, the PROTOS
project presents a server with a wide variety of sample packets
containing unexpected values or illegally formatted data. As a
member of the PROTOS project consortium, the OUSPG used the PROTOS
c06-snmpv1 test suite to study several implementations of the
SNMPv1 protocol.
Background Information on the Simple Network Management Protocol
The Simple Network Management Protocol (SNMP) is the most popular
protocol in use to manage networked devices. SNMP was designed in
the late 80's to facilitate the exchange of management information
between networked devices, operating at the application layer of
the ISO/OSI model. The SNMP protocol enables network and system
administrators to remotely monitor and configure devices on the
network (devices such as switches and routers). Software and
firmware products designed for networks often make use of the SNMP
protocol. SNMP runs on a multitude of devices and operating
systems, including, but not limited to,
+ Core Network Devices (Routers, Switches, Hubs, Bridges, and
Wireless Network Access Points)
+ Operating Systems
+ Consumer Broadband Network Devices (Cable Modems and DSL
Modems)
+ Consumer Electronic Devices (Cameras and Image Scanners)
+ Networked Office Equipment (Printers, Copiers, and FAX
Machines)
+ Network and Systems Management/Diagnostic Frameworks (Network
Sniffers and Network Analyzers)
+ Uninterruptible Power Supplies (UPS)
+ Networked Medical Equipment (Imaging Units and Oscilloscopes)
+ Manufacturing and Processing Equipment
The SNMP protocol is formally defined in RFC1157. Quoting from
that RFC:
Implicit in the SNMP architectural model is a collection
of network management stations and network elements.
Network management stations execute management
applications which monitor and control network elements.
Network elements are devices such as hosts, gateways,
terminal servers, and the like, which have management
agents responsible for performing the network management
functions requested by the network management stations.
The Simple Network Management Protocol (SNMP) is used to
communicate management information between the network
management stations and the agents in the network
elements.
Additionally, SNMP is discussed in a number of other RFC
documents:
+ RFC 3000 Internet Official Protocol Standards
+ RFC 1212 Concise MIB Definitions
+ RFC 1213 Management Information Base for Network Management
of TCP/IP-based Internets: MIB-II
+ RFC 1215 A Convention for Defining Traps for use with the
SNMP
+ RFC 1270 SNMP Communications Services
+ RFC 2570 Introduction to Version 3 of the Internet-standard
Network Management Framework
+ RFC 2571 An Architecture for Describing SNMP Management
Frameworks
+ RFC 2572 Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP)
+ RFC 2573 SNMP Applications
+ RFC 2574 User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
+ RFC 2575 View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP)
+ RFC 2576 Coexistence between Version 1, Version 2, and
Version 3 of the Internet-standard Network Management
Framework
_____________________________________________________________
The CERT Coordination Center thanks the Oulu University Secure
Programming Group for reporting these vulnerabilities to us, for
providing detailed technical analyses, and for assisting us in
preparing this advisory. We also thank Steven M. Bellovin (AT&T
Labs -- Research), Wes Hardaker (Net-SNMP), Steve Moulton (SNMP
Research), Tom Reddington (Bell Labs), Mike Duckett (Bell South),
Rob Thomas, Blue Boar (Thievco), and the many others who
contributed to this document.
_____________________________________________________________
Feedback on this document can be directed to the authors, Ian A.
Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D.
Householder, Marty Lindner, and Art Manion.
__________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-2002-03.html
__________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by
email. Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available
from our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and
bulletins, send email to majordomo@cert.org. Please include in the
body of your message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
__________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the
Software Engineering Institute is furnished on an "as is" basis.
Carnegie Mellon University makes no warranties of any kind, either
expressed or implied as to any matter including, but not limited
to, warranty of fitness for a particular purpose or
merchantability, exclusivity or results obtained from use of the
material. Carnegie Mellon University does not make any warranty of
any kind with respect to freedom from patent, trademark, or
copyright infringement.
_____________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
Revision History
February 12, 2002: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPGltxKCVPMXQI2HJAQGVeAQAuHtxGBsmU5HI6PtqhpZ1rkpV+Cq3ChIU R1FUz4Zi2vzklH8jdXd10KqwZAPhXTPazeguhRyLVSUprMlSKqcXg3BCkH/y4WAl QUZ1VnQXMnMrxIJO1fv0WW0pcyM4W0iQBl0kCIlawPcjCGVniOCOr+4CE0f923wr uZiMJ5f2SEo= =h42e -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200205-0149", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ios 12.0", scope: "ne", trust: 5.4, vendor: "cisco", version: null, }, { model: "ios 12.1", scope: "ne", trust: 3.6, vendor: "cisco", version: null, }, { model: "openserver", scope: "eq", trust: 1.9, vendor: "caldera", version: "5.0.5", }, { model: null, scope: null, trust: 1.6, vendor: "3com", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "adtran", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "adventnet", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "american power conversion", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "aprisma", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "avaya", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "bea", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "bmc", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "cnt", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "comtek services", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "cscare", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "cacheflow", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "carrier access", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "cisco", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "compaq computer", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "computer associates", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "concord", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "dart", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "dell", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "digital", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "entrada", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "equinox", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "f5", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "fluke", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "freebsd", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "general datacomm", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "hewlett packard", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "hirschmann", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "hitachi", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "ibm", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "iplanet", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "itouch", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "infovista", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "inktomi", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "innerdive", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "ipswitch", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "juniper", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "karlnet", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "lantronix", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "larscom incorporated", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "lotus", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "lucent", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "mg soft", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "mandriva", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "marconi", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "mercury interactive", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "metrobility optical", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "micromuse", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "microsoft", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "monfox", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "multinet", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "nec", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "net snmp", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "network harmoni", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "nbase xyplex", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "netscout", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "netsilicon", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "netscape", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "network appliance", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "nortel", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "novell", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "openwave", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "optical access", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "oracle", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "perle", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "powerware", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "radware", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "red hat", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "redback", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "riverstone", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "snmp research", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "sniffer", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "sonicwall", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "sonus", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "stonesoft", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "sun microsystems", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "symantec", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "the sco group sco unix", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "tivoli", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "toshiba", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "unisphere", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "vertical", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "vina", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "wind river", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "world wide packets", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "xerox", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "e security", version: null, }, { model: null, scope: null, trust: 1.6, vendor: "net com", version: null, }, { model: "ios 12.2", scope: "ne", trust: 1.5, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 1.5, vendor: "cisco", version: "30002.5.2", }, { model: "ios 12.0 xe", scope: null, trust: 1.2, vendor: "cisco", version: null, }, { model: "ios 12.1 dc2", scope: "ne", trust: 1.2, vendor: "cisco", version: null, }, { model: "ios 12.0 s6", scope: "ne", trust: 0.9, vendor: "cisco", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "nudesign team", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "outback resource group", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "veritas", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "bintec", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "interniche", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "ncipher corp", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "netscreen", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "nokia", version: null, }, { model: "sunatm", scope: "eq", trust: 0.6, vendor: "sun", version: "5.0", }, { model: "sunatm", scope: "eq", trust: 0.6, vendor: "sun", version: "4.0.1", }, { model: "sunatm", scope: "eq", trust: 0.6, vendor: "sun", version: "3.0.1", }, { model: "sunatm", scope: "eq", trust: 0.6, vendor: "sun", version: "2.1", }, { model: "ios 12.0 s7", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.2 bx", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.0 st1", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.1 e8", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.0 s8", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.0 w5", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.6, vendor: "cisco", version: "3.1", }, { model: "ios 12.0 xe?", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.6, vendor: "cisco", version: "30003.1", }, { model: "ios 12.0 s1", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.0 wc1", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.0 xu", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.1 db1", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.0 xk", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.0 st2", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.1 ey", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.1 e3", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "ios 12.1 db2", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.6, vendor: "cisco", version: "30003.0.3", }, { model: "ios 12.1 ex", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "sunnet manager sparc", scope: "eq", trust: 0.3, vendor: "sun", version: "2.3", }, { model: "sunnet manager intel", scope: "eq", trust: 0.3, vendor: "sun", version: "2.3", }, { model: "sunmc rr", scope: "eq", trust: 0.3, vendor: "sun", version: "3.0", }, { model: "sunmc", scope: "eq", trust: 0.3, vendor: "sun", version: "3.0", }, { model: "sunmc", scope: "eq", trust: 0.3, vendor: "sun", version: "2.1.1", }, { model: "enterprise server ssp", scope: "eq", trust: 0.3, vendor: "sun", version: "100003.5", }, { model: "enterprise server ssp", scope: "eq", trust: 0.3, vendor: "sun", version: "100003.4", }, { model: "enterprise server ssp", scope: "eq", trust: 0.3, vendor: "sun", version: "100003.3", }, { model: "research mid-level manager", scope: "eq", trust: 0.3, vendor: "snmp", version: "15.3", }, { model: "research enterpol", scope: "eq", trust: 0.3, vendor: "snmp", version: "15.3", }, { model: "research dr-web manager", scope: "eq", trust: 0.3, vendor: "snmp", version: "15.3", }, { model: "emulex 1gbit fibrechannel hub", scope: null, trust: 0.3, vendor: "sgi", version: null, }, { model: "brocade", scope: "eq", trust: 0.3, vendor: "sgi", version: "2.6.0", }, { model: "networks aos", scope: null, trust: 0.3, vendor: "redback", version: null, }, { model: "realplayer intranet", scope: "eq", trust: 0.3, vendor: "realnetworks", version: "5.0", }, { model: "software tcpware", scope: "eq", trust: 0.3, vendor: "process", version: "5.5", }, { model: "software multinet", scope: "eq", trust: 0.3, vendor: "process", version: "4.4", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.0.1", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.5", }, { model: "netware", scope: "eq", trust: 0.3, vendor: "novell", version: "6.0", }, { model: "netware", scope: "eq", trust: 0.3, vendor: "novell", version: "5.1", }, { model: "netware", scope: "eq", trust: 0.3, vendor: "novell", version: "5.0", }, { model: "netware", scope: "eq", trust: 0.3, vendor: "novell", version: "4.11", }, { model: "netware", scope: "eq", trust: 0.3, vendor: "novell", version: "4.2", }, { model: "netware", scope: "eq", trust: 0.3, vendor: "novell", version: "4.0", }, { model: "ipso", scope: "eq", trust: 0.3, vendor: "nokia", version: "3.4.1", }, { model: "ipso", scope: "eq", trust: 0.3, vendor: "nokia", version: "3.4", }, { model: "ipso", scope: "eq", trust: 0.3, vendor: "nokia", version: "3.3.1", }, { model: "ipso", scope: "eq", trust: 0.3, vendor: "nokia", version: "3.3", }, { model: "ipso", scope: "eq", trust: 0.3, vendor: "nokia", version: "3.1.3", }, { model: "ucd-snmp", scope: "eq", trust: 0.3, vendor: "net snmp", version: "4.2.1", }, { model: "ucd-snmp", scope: "eq", trust: 0.3, vendor: "net snmp", version: "4.1.1", }, { model: "windows xp professional", scope: null, trust: 0.3, vendor: "microsoft", version: null, }, { model: "windows xp home", scope: null, trust: 0.3, vendor: "microsoft", version: null, }, { model: "windows nt workstation sp6a", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt workstation sp6", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt workstation sp5", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt workstation sp4", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt workstation sp3", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt workstation sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt workstation sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt workstation", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt terminal server sp6", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt terminal server sp5", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt terminal server sp4", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt terminal server sp3", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt terminal server sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt terminal server sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt terminal server", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server sp6a", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server sp6", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server sp5", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server sp4", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server sp3", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt server", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server sp6a", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server sp6", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server sp5", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server sp4", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server sp3", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows nt enterprise server", scope: "eq", trust: 0.3, vendor: "microsoft", version: "4.0", }, { model: "windows 98se", scope: null, trust: 0.3, vendor: "microsoft", version: null, }, { model: "windows", scope: "eq", trust: 0.3, vendor: "microsoft", version: "98", }, { model: "windows", scope: "eq", trust: 0.3, vendor: "microsoft", version: "95", }, { model: "windows terminal services sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows terminal services sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows terminal services", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows server sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows server sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows server", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows professional sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows professional sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows professional", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows datacenter server sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows datacenter server sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows datacenter server", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows advanced server sp2", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows advanced server sp1", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "windows advanced server", scope: "eq", trust: 0.3, vendor: "microsoft", version: "2000", }, { model: "domino snmp agents solaris", scope: "eq", trust: 0.3, vendor: "lotus", version: "5.0.1x86", }, { model: "domino snmp agents solaris sparc", scope: "eq", trust: 0.3, vendor: "lotus", version: "5.0.1", }, { model: "domino snmp agents hp-ux", scope: "eq", trust: 0.3, vendor: "lotus", version: "5.0.1", }, { model: "lrs", scope: null, trust: 0.3, vendor: "lantronix", version: null, }, { model: "junos", scope: "eq", trust: 0.3, vendor: "juniper", version: "5.1", }, { model: "junos", scope: "eq", trust: 0.3, vendor: "juniper", version: "5.0", }, { model: "solutions router ip console", scope: "eq", trust: 0.3, vendor: "innerdive", version: "3.3.0.406", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.2", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.1", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "secure os software for linux", scope: "eq", trust: 0.3, vendor: "hp", version: "1.0", }, { model: "procurve switch 8000m", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "procurve switch 4108gl-bundle", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "procurve switch 4108gl", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "procurve switch 4000m", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "procurve switch", scope: "eq", trust: 0.3, vendor: "hp", version: "2525", }, { model: "procurve switch", scope: "eq", trust: 0.3, vendor: "hp", version: "2524", }, { model: "procurve switch", scope: "eq", trust: 0.3, vendor: "hp", version: "2512", }, { model: "procurve switch 2424m", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "procurve switch 2400m", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "procurve switch 1600m", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "ov/sam", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "openview network node manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.10", }, { model: "openview network node manager solaris", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "6.211.x", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "6.210.x", }, { model: "openview network node manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "openview network node manager solaris", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "6.111.x", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "6.110.x", }, { model: "openview network node manager solaris", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "openview network node manager nt 4.x/windows", scope: "eq", trust: 0.3, vendor: "hp", version: "6.02000", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "6.011.x", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "6.010.20", }, { model: "openview network node manager windows nt", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0.23.51/4.0", }, { model: "openview network node manager solaris", scope: "eq", trust: 0.3, vendor: "hp", version: "5.01", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "5.01", }, { model: "openview network node manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.01", }, { model: "openview network node manager solaris", scope: "eq", trust: 0.3, vendor: "hp", version: "4.11", }, { model: "openview network node manager hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.11", }, { model: "openview extensible snmp agent", scope: "eq", trust: 0.3, vendor: "hp", version: "4.0", }, { model: "openview emanate snmp agent solaris", scope: "eq", trust: 0.3, vendor: "hp", version: "14.22.x", }, { model: "openview emanate snmp agent hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "14.211.x", }, { model: "openview emanate snmp agent hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "14.210.20", }, { model: "openview distributed management", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "openview distributed management", scope: "eq", trust: 0.3, vendor: "hp", version: "5.03", }, { model: "mpe/ix", scope: "eq", trust: 0.3, vendor: "hp", version: "6.5", }, { model: "mpe/ix", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "mpe/ix", scope: "eq", trust: 0.3, vendor: "hp", version: "5.5", }, { model: "mpe/ix", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "mpe/ix", scope: "eq", trust: 0.3, vendor: "hp", version: "4.5", }, { model: "mpe/ix", scope: "eq", trust: 0.3, vendor: "hp", version: "4.0", }, { model: "mc/serviceguard", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "jetdirect", scope: "eq", trust: 0.3, vendor: "hp", version: "x.20.00", }, { model: "jetdirect", scope: "eq", trust: 0.3, vendor: "hp", version: "x.08.00", }, { model: "ito/vpo/ovo unix", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "11.04", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "10.24", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "11.20", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "11.11", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "11.0", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "10.20", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "10.10", }, { model: "hp-ux", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "ems a.03.20", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "ems a.03.10", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "ems a.03.00", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "gzip", scope: "eq", trust: 0.3, vendor: "gnu", version: "3.1.02", }, { model: "services nmserver", scope: "eq", trust: 0.3, vendor: "comtek", version: "3.4", }, { model: "associates unicenter", scope: null, trust: 0.3, vendor: "computer", version: null, }, { model: "unixware", scope: "eq", trust: 0.3, vendor: "caldera", version: "7.1.1", }, { model: "unixware", scope: "eq", trust: 0.3, vendor: "caldera", version: "7.1.0", }, { model: "unixware", scope: "eq", trust: 0.3, vendor: "caldera", version: "7", }, { model: "openunix", scope: "eq", trust: 0.3, vendor: "caldera", version: "8.0", }, { model: "openserver", scope: "eq", trust: 0.3, vendor: "caldera", version: "5.0.6", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "4.0.14", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "4.0.13", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "4.0.12", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "4.0.11", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "4.0", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.21", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.19", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.18", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.17", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.16", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.15", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.14", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.13", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.12", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.11", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.20", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.10", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.09", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.08", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.07", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.06", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.05", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.04", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.03", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1.02", }, { model: "cacheos", scope: "eq", trust: 0.3, vendor: "cacheflow", version: "3.1", }, { model: "cacheos", scope: null, trust: 0.3, vendor: "cacheflow", version: null, }, { model: "web nms msp edition", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "web nms", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "snmp utilities", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "snmp api", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "mediation server", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "management builder", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "fault management toolkit", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "configuration management toolkit", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "cli api", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "agent toolkit java/jmx edition", scope: null, trust: 0.3, vendor: "adventnet", version: null, }, { model: "agent toolkit c edition", scope: "eq", trust: 0.3, vendor: "adventnet", version: null, }, { model: "webcache", scope: "eq", trust: 0.3, vendor: "3com", version: "3000", }, { model: "webcache", scope: "eq", trust: 0.3, vendor: "3com", version: "1000", }, { model: "switch", scope: "eq", trust: 0.3, vendor: "3com", version: "4900", }, { model: "switch", scope: "eq", trust: 0.3, vendor: "3com", version: "4400", }, { model: "switch", scope: "eq", trust: 0.3, vendor: "3com", version: "3300", }, { model: "switch", scope: "eq", trust: 0.3, vendor: "3com", version: "1100", }, { model: "ps hub", scope: "eq", trust: 0.3, vendor: "3com", version: "50", }, { model: "ps hub", scope: "eq", trust: 0.3, vendor: "3com", version: "40", }, { model: "dual speed hub", scope: null, trust: 0.3, vendor: "3com", version: null, }, { model: "brocade .0d", scope: "ne", trust: 0.3, vendor: "sgi", version: "2.6", }, { model: "ipso", scope: "ne", trust: 0.3, vendor: "nokia", version: "3.4.2", }, { model: "ucd-snmp", scope: "ne", trust: 0.3, vendor: "net snmp", version: "4.2.2", }, { model: "solutions router ip console", scope: "ne", trust: 0.3, vendor: "innerdive", version: "3.3.0.407", }, { model: "jetdirect", scope: "ne", trust: 0.3, vendor: "hp", version: "x.21.00", }, { model: "jetdirect", scope: "ne", trust: 0.3, vendor: "hp", version: "x.08.32", }, { model: "ios 12.0 wc 2900xl-lre", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.1", }, { model: "cbos a", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.1", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "4700", }, { model: "ios 12.2 yb", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.7", }, { model: "as5850", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xk2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.1", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "1000", }, { model: "ios 12.1aa", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xe2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 ca1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30003.1.2", }, { model: "ios 12.0s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "hosting solution engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.3", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.1(4.206)", }, { model: "netranger sensor", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 yc2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "12.2", }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.0", }, { model: "as5200", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xa", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1da", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "vg248 analog phone gateway", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 yf", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2gs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ics", scope: "eq", trust: 0.3, vendor: "cisco", version: "7750", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.4(8)", }, { model: "ios 12.0 wt6", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.5.1", }, { model: "traffic director", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ons optical transport platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "154543.1.0", }, { model: "ios 12.1 e5", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 b2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 t3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.3", }, { model: "ios 12.0 xn", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 ya2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "as5300", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 s3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "icdn software", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.0", }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30002.0", }, { model: "cbos b", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.4.2", }, { model: "ios 11.1 cc4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst 4840g", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.1 aa4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "11.2", }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "39203.0(7)", }, { model: "secure ids network sensor", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.0", }, { model: "ios 12.2 mx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "7100", }, { model: "cva120", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 xt3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst native mode", scope: "eq", trust: 0.3, vendor: "cisco", version: "6000", }, { model: "content engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "560", }, { model: "ios 12.1 ea1e", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 xq", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2sa", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 yh", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2b", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "1005", }, { model: "ons optical transport platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "154543.2.0", }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.5.015", }, { model: "ios 12.2 mx1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.3(1.200)", }, { model: "bpx/igx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.3", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "12000", }, { model: "content distribution manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4670", }, { model: "ap340", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 xf", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "10700", }, { model: "css11000 content services switch", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "11.1", }, { model: "ios 12.1 xi", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "distributed director", scope: "eq", trust: 0.3, vendor: "cisco", version: "2501", }, { model: "ios 12.1ec", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "intelligent contact manager", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "6.0(1)", }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "ios 12.1 yi1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst 2948g", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 da", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.6", }, { model: "ios 12.1 ew", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.4(7.202)", }, { model: "ios 12.2 xd", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 ya", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "local director", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2bx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 da1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios", scope: "ne", trust: 0.3, vendor: "cisco", version: "12.1(5)xv5", }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "4232", }, { model: "ios 12.1 ec", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "user registration tool vlan policy server", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 dd3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "hosting solution engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.0", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2(1)", }, { model: "ios 11.1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "igx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 t4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst 8540csr", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx-8240", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2dd", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0st", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 w5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "7010", }, { model: "unity server", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xf", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst hybrid mode", scope: "eq", trust: 0.3, vendor: "cisco", version: "6000", }, { model: "ios 12.0 wc3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.3(1)", }, { model: "icdn software", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.0", }, { model: "snmpc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30003.0.4", }, { model: "ios 12.0 st5", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0w5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2bc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "11.0", }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2", }, { model: "ios 12.0 sl4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst network analysis module", scope: "eq", trust: 0.3, vendor: "cisco", version: "6000", }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.2", }, { model: "ios 12.2t", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xb3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 db2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx", scope: "eq", trust: 0.3, vendor: "cisco", version: "82301.2.10", }, { model: "ios 12.1 ey", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 s5", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.0", }, { model: "ios 12.0 xs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ons optical transport platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "154543.4", }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.5", }, { model: "content engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "590", }, { model: "ios 12.2s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.2", }, { model: "mgx", scope: "eq", trust: 0.3, vendor: "cisco", version: "82501.2.10", }, { model: "catalyst msm", scope: "eq", trust: 0.3, vendor: "cisco", version: "6000", }, { model: "nsp", scope: "eq", trust: 0.3, vendor: "cisco", version: "6400", }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.4", }, { model: "ios 12.1 yd", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "info center", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.4", }, { model: "ios 12.0 wx5", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 yc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 e8", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "arrowpoint cs11000", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "secure ids host sensor", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.0", }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "2950", }, { model: "ios 11.1 ct", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 yb", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 e", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ubr7200", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xw", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.2.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "11.3", }, { model: "ios 12.2bc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.1ia", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst 8540msr", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ons optical transport platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "154544.0(1)", }, { model: "ios", scope: "ne", trust: 0.3, vendor: "cisco", version: "12.1(5)xv4", }, { model: "ios 12.1 t12", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "microswitch", scope: "eq", trust: 0.3, vendor: "cisco", version: "1548", }, { model: "ios 12.1 e12", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.1", }, { model: "ios 12.0 sx", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "access registrar", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "4000", }, { model: "ios 12.0 st", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst 8510csr", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xs1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "bpx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 ea2b", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 xz7", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 b4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "2920", }, { model: "ios 12.1 ea1b", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2p", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xk3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.7", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "2600", }, { model: "as5800", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2 p2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "6200", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "1700", }, { model: "content engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "507", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "7000", }, { model: "ios 12.1 e7", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30003.5.1", }, { model: "ios 12.2 t1a", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.1(2)", }, { model: "ios 12.2 xa5", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.4.1", }, { model: "ios 12.1 ew1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 sp1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1db", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.1ca", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.053", }, { model: "catalyst 2948g-l3", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "2900", }, { model: "ios 12.2 mb3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.0", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2(2)", }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "ios 12.2 t0a", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.7", }, { model: "ios 12.0 wc2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ap350", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 dx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 sl6", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "as5400", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0sp", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst xl", scope: "eq", trust: 0.3, vendor: "cisco", version: "3500", }, { model: "ios 12.0 wc2b", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "1400", }, { model: "ios 12.1 yb5", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xn1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30003.1.1", }, { model: "ios 12.1 e6", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.3(3)", }, { model: "bts", scope: "eq", trust: 0.3, vendor: "cisco", version: "10200", }, { model: "ios 12.0 sx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.8", }, { model: "ubr900", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.3(2)", }, { model: "ios 12.2 xb4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.1aa", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.1", }, { model: "ios 12.0 t2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xg", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2(7)", }, { model: "ios 12.1 xm", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2 sa6", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "sc2200/vsc3000", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "wan manager", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xu", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xm2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 aa1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xp", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xh2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0wx", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xf", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "12.0", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "6400", }, { model: "infocenter", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.2(5)", }, { model: "cache engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "570", }, { model: "call manager", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xa1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 sc3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 e4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2 bc1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 ex", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 ea1", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 xt", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx-8260", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.3", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2(6)", }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30003.1.4", }, { model: "ios 12.1 yi", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30003.0", }, { model: "ios 12.2 xj1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 bc1a", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.0", }, { model: "ios 12.1 xm7", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.3t", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xe", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall b", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1.6", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.0", }, { model: "ios 12.1 ya", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "content router", scope: "eq", trust: 0.3, vendor: "cisco", version: "4430", }, { model: "catalyst supervisor module", scope: "eq", trust: 0.3, vendor: "cisco", version: "6000", }, { model: "ap352", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "7600", }, { model: "internet cdn content engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "7320", }, { model: "ios 12.1e", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.4.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "12.0(7)xv", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2(3.210)", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.2", }, { model: "ios", scope: "ne", trust: 0.3, vendor: "cisco", version: "12.1(13)", }, { model: "ios 12.2da", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cache engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "505", }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.0.1", }, { model: "catalyst xl", scope: "eq", trust: 0.3, vendor: "cisco", version: "2900", }, { model: "netranger", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1dc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.0", }, { model: "ios 12.1 ex3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.4", }, { model: "ios 12.0sl", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.2", }, { model: "br350", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "5000", }, { model: "ios 12.2 xt3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "content delivery manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4650", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "6.0", }, { model: "ios 12.0 st3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "12.1(5)xv", }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "4500", }, { model: "ios 12.2 xw1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 da3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "br352", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xu2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.0", }, { model: "ons optical transport platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "154543.0", }, { model: "ons metro edge optical transport platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "15327", }, { model: "ios 12.2 xk", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 ey3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "microhub", scope: "eq", trust: 0.3, vendor: "cisco", version: "1500", }, { model: "ios 12.2 t", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 yf4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 s4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 yh3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "content engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "7320", }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.1", }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3", }, { model: "ios 12.0sc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "4232-13", }, { model: "ios 11.0", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst msfc2", scope: "eq", trust: 0.3, vendor: "cisco", version: "6000", }, { model: "mgx-8220", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "element management framework", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xh", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "3600", }, { model: "catalyst 4908g-l3", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "wgb340", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ciscoworks windows/wug", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.5", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2(5)", }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.2", }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.0", }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2", }, { model: "ios 12.0 s2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx-8850 r1", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 st4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.2 gs6", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx", scope: "eq", trust: 0.3, vendor: "cisco", version: "82501.2.11", }, { model: "ios 12.0 xf1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.5", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.2.1", }, { model: "rsfc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.3db", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "building broadband service manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.0.1", }, { model: "ios 12.1 ec1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.1 ia", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ws-x6624", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 ea2a", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 yd6", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "vpn concentrator", scope: "eq", trust: 0.3, vendor: "cisco", version: "30003.5", }, { model: "ios 11.1 ca2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "icdn software", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.1", }, { model: "secure pix firewall", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "7500", }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "3200", }, { model: "ios 12.2 xi1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx", scope: "eq", trust: 0.3, vendor: "cisco", version: "82301.2.11", }, { model: "switchprobe", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.1", }, { model: "wgb352", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xt", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cat6k nam", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "br340", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 xf5", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "fasthub", scope: "eq", trust: 0.3, vendor: "cisco", version: "4001.0", }, { model: "ios 12.2 xi", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "12.1", }, { model: "ios 12.1 ea2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2mb", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "rsm", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0wt", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "nrp", scope: "eq", trust: 0.3, vendor: "cisco", version: "6400", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1.6", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.1.4", }, { model: "ws-x6608", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 by2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "1600", }, { model: "ios 12.1 xz", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xl4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xs?", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.9", }, { model: "catalyst 8510msr", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xm1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xm", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "2500", }, { model: "ios 12.2 ya1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "service expansion shelf", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xn", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 s", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst msfc", scope: "eq", trust: 0.3, vendor: "cisco", version: "6000", }, { model: "ons optical transport platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "154543.3", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.3", }, { model: "ios 12.0 xe1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "iad", scope: "eq", trust: 0.3, vendor: "cisco", version: "8110", }, { model: "ios 12.1 ex4", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 xe2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "4000", }, { model: "ios 12.1 e9", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xm", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0t", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.0", }, { model: "ios 11.1ct", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "call manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "3.3(3)", }, { model: "ios 12.1 xp", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "7300", }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "3550", }, { model: "ios 12.1t", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "mgx-8850 r2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xd3", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 ea1a", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "internet cdn content engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "590", }, { model: "ciscoworks windows", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.1 aa", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.4.2", }, { model: "ios 12.2 xk2", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "esr", scope: "eq", trust: 0.3, vendor: "cisco", version: "10000", }, { model: "ls1010 atm switch", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0 dc1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.3.7.002", }, { model: "content router", scope: "eq", trust: 0.3, vendor: "cisco", version: "4450", }, { model: "ios 12.1 xi8", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: "catalyst", scope: "eq", trust: 0.3, vendor: "cisco", version: "3900", }, { model: "ios 11.3 db1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "800", }, { model: "mc3810", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 by", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "as5350", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 11.1cc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xj", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.2 xb", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "cisco", version: "7200", }, { model: "content delivery manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "4630", }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.4(4)", }, { model: "catalyst 4912g", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ios 12.0db", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "intelligent contact manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.0", }, { model: "cbos ap", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.4.2", }, { model: "ios 12.0dc", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos a", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.1", }, { model: "ios 12.2 xl", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ubr10000", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "pix firewall", scope: "eq", trust: 0.3, vendor: "cisco", version: "6.0(2)", }, { model: "ios 12.2 xs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "cbos", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.1", }, ], sources: [ { db: "CERT/CC", id: "VU#107186", }, { db: "CERT/CC", id: "VU#854306", }, { db: "BID", id: "4732", }, { db: "BID", id: "4089", }, { db: "BID", id: "4132", }, { db: "CNNVD", id: "CNNVD-200205-001", }, { db: "NVD", id: "CVE-1999-1570", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Discovered by the Oulu University Secure Programming Group.", sources: [ { db: "BID", id: "4089", }, { db: "BID", id: "4132", }, ], trust: 0.6, }, cve: "CVE-1999-1570", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CVE-1999-1570", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-1999-1570", trust: 1, value: "HIGH", }, { author: "CARNEGIE MELLON", id: "VU#107186", trust: 0.8, value: "69.26", }, { author: "CARNEGIE MELLON", id: "VU#854306", trust: 0.8, value: "42.64", }, { author: "CNNVD", id: "CNNVD-200205-001", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CERT/CC", id: "VU#107186", }, { db: "CERT/CC", id: "VU#854306", }, { db: "CNNVD", id: "CNNVD-200205-001", }, { db: "NVD", id: "CVE-1999-1570", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. \nThe resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. SNMP requests are messages sent from manager to agent systems. They typically poll the agent for current performance or configuration information, ask for the next SNMP object in a Management Information Base (MIB), or modify the configuration settings of the agent. \nMultiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. \nAmong the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. \nIt is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2002-03: Multiple Vulnerabilities in Many\nImplementations of the Simple Network Management Protocol (SNMP)\n\n Original release date: February 12, 2002\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n\nSystems Affected\n\n Products from a very wide variety of vendors may be affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from\n http://www.kb.cert.org/vuls/id/854306\n http://www.kb.cert.org/vuls/id/107186 \n\n Many other systems making use of SNMP may also be vulnerable but were\n not specifically tested. \n\n In addition to this advisory, we also have an FAQ available at\n http://www.cert.org/tech_tips/snmp_faq.html\n\nI. Description\n\n The Simple Network Management Protocol (SNMP) is a widely deployed\n protocol that is commonly used to monitor and manage network devices. \n Version 1 of the protocol (SNMPv1) defines several types of SNMP\n messages that are used to request information or configuration\n changes, respond to requests, enumerate SNMP objects, and send\n unsolicited alerts. The Oulu University Secure Programming Group\n (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous\n vulnerabilities in SNMPv1 implementations from many different vendors. \n More information about SNMP and OUSPG can be found in Appendix C\n\n OUSPG's research focused on the manner in which SNMPv1 agents and\n managers handle request and trap messages. A trap message\n may indicate a warning or error condition or otherwise notify the\n manager about the agent's state. Request\n messages might be issued to obtain information from an agent or to\n instruct the agent to configure the host device. \n\n Vulnerabilities in the decoding and subsequent processing of SNMP\n messages by both managers and agents may result in denial-of-service\n conditions, format string vulnerabilities, and buffer overflows. Some\n vulnerabilities do not require the SNMP message to use the correct\n SNMP community string. \n\n These vulnerabilities have been assigned the CVE identifiers\n CAN-2002-0012 and CAN-2002-0013, respectively. \n\nII. \n\nIII. Solution\n\n Note that many of the mitigation steps recommended below may have\n significant impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\nApply a patch from your vendor\n\n Appendix A contains information provided by vendors for this advisory. \n Please consult this appendix to determine if you need to contact your\n vendor directly. \n\nDisable the SNMP service\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required, including SNMP. \n Unfortunately, some of the affected products exhibited unexpected\n behavior or denial of service conditions when exposed to the OUSPG\n test suite even if SNMP was not enabled. In these cases, disabling\n SNMP should be used in conjunction with the filtering practices listed\n below to provide additional protection. \n\nIngress filtering\n\n As a temporary measure, it may be possible to limit the scope of these\n vulnerabilities by blocking access to SNMP services at the network\n perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a network\n under your administrative control. Servers are typically the only\n machines that need to accept inbound traffic from the public Internet. \n In the network usage policy of many sites, there are few reasons for\n external hosts to initiate inbound traffic to machines that provide no\n public services. Thus, ingress filtering should be performed at the\n border to prohibit externally initiated inbound traffic to\n non-authorized services. For SNMP, ingress filtering of the following\n ports can prevent attackers outside of your network from impacting\n vulnerable devices in the local network that are not explicitly\n authorized to provide public SNMP services. \n\n snmp 161/udp # Simple Network Management Protocol (SNMP)\n snmp 162/udp # SNMP system management messages\n\n The following services are less common, but may be used on some\n affected products\n\n snmp 161/tcp # Simple Network Management Protocol\n (SNMP)\n snmp 162/tcp # SNMP system management messages\n smux 199/tcp # SNMP Unix Multiplexer\n smux 199/udp # SNMP Unix Multiplexer\n synoptics-relay 391/tcp # SynOptics SNMP Relay Port\n synoptics-relay 391/udp # SynOptics SNMP Relay Port\n agentx 705/tcp # AgentX\n snmp-tcp-port 1993/tcp # cisco SNMP TCP port\n snmp-tcp-port 1993/udp # cisco SNMP TCP port\n\n As noted above, you should carefully consider the impact of blocking\n services that you may be using. \n\n It is important to note that in many SNMP implementations, the SNMP\n daemon may bind to all IP interfaces on the device. This has important\n consequences when considering appropriate packet filtering measures\n required to protect an SNMP-enabled device. For example, even if a\n device disallows SNMP packets directed to the IP addresses of its\n normal network interfaces, it may still be possible to exploit these\n vulnerabilities on that device through the use of packets directed at\n the following IP addresses:\n * \"all-ones\" broadcast address\n * subnet broadcast address\n * any internal loopback addresses (commonly used in routers for\n management purposes, not to be confused with the IP stack loopback\n address 127.0.0.1)\n\n Careful consideration should be given to addresses of the types\n mentioned above by sites planning for packet filtering as part of\n their mitigation strategy for these vulnerabilities. \n\n Finally, sites may wish to block access to the following RPC services\n related to SNMP (listed as name, program ID, alternate names)\n\n snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys\n snmp-utk\n snmpv2 100138 na.snmpv2 # SNM Version 2.2.2\n snmpXdmid 100249\n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\nFilter SNMP traffic from non-authorized internal hosts\n\n In many networks, only a limited number of network management systems\n need to originate SNMP request messages. This can reduce, but not wholly eliminate, the\n risk from internal attacks. However, it may have detrimental effects\n on network performance due to the increased load imposed by the\n filtering, so careful consideration is required before implementation. \n Similar caveats to the previous workaround regarding broadcast and\n loopback addresses apply. \n\nChange default community strings\n\n Most SNMP-enabled products ship with default community strings of\n \"public\" for read-only access and \"private\" for read-write access. As\n with any known default access control mechanism, the CERT/CC\n recommends that network administrators change these community strings\n to something of their own choosing. However, even when community\n strings are changed from their defaults, they will still be passed in\n plaintext and are therefore subject to packet sniffing attacks. SNMPv3\n offers additional capabilities to ensure authentication and privacy as\n described in RFC2574. \n\n Because many of the vulnerabilities identified in this advisory occur\n before the community strings are evaluated, it is important to note\n that performing this step alone is not sufficient to mitigate the\n impact of these vulnerabilities. Nonetheless, it should be performed\n as part of good security practice. \n\nSegregate SNMP traffic onto a separate management network\n\n In situations where blocking or disabling SNMP is not possible,\n exposure to these vulnerabilities may be limited by restricting all\n SNMP access to separate, isolated management networks that are not\n publicly accessible. Although this would ideally involve physically\n separate networks, that kind of separation is probably not feasible in\n most environments. Mechanisms such as virtual LANs (VLANs) may be used\n to help segregate traffic on the same physical network. Note that\n VLANs may not strictly prevent an attacker from exploiting these\n vulnerabilities, but they may make it more difficult to initiate the\n attacks. \n\n Another option is for sites to restrict SNMP traffic to separate\n virtual private networks (VPNs), which employ cryptographically strong\n authentication. \n\n Note that these solutions may require extensive changes to a site's\n network architecture. \n\nEgress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need for\n machines providing public services to initiate outbound traffic to the\n Internet. In the case of SNMP vulnerabilities, employing egress\n filtering on the ports listed above at your network border can prevent\n your network from being used as a source for attacks on other sites. \n\nDisable stack execution\n\n Disabling executable stacks (on systems where this is configurable)\n can reduce the risk of \"stack smashing\" attacks based on these\n vulnerabilities. Although this does not provide 100 percent protection\n against exploitation of these vulnerabilities, it makes the likelihood\n of a successful exploit much smaller. On many UNIX systems, executable\n stacks can be disabled by adding the following lines to /etc/system:\n\n set noexec_user_stack = 1 set noexec_user_stack_log = 1\n\n Note that this may go against the SPARC and Intel ABIs and can be\n bypassed as required in programs with mprotect(2). For the changes to\n take effect you will then need to reboot. \n\n Other operating systems and architectures also support the disabling\n of executable stacks either through native configuration parameters or\n via third-party software. Consult your vendor(s) for additional\n information. \n\nShare tools and techniques\n\n Because dealing with these vulnerabilities to systems and networks is\n so complex, the CERT/CC will provide a forum where administrators can\n share ideas and techniques that can be used to develop proper\n defenses. We have created an unmoderated mailing list for system and\n network administrators to discuss helpful techniques and tools. \n\n You can subscribe to the mailing list by sending an email message to\n majordomo@cert.org. In the body of the message, type\n\n subscribe snmp-forum\n\n After you receive the confirmation message, follow the instructions in\n the message to complete the subscription process. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\nAdventNet\n\n This is in reference to your notification regarding [VU#107186 and\n VU#854306] and OUSPG#0100. AdventNet Inc. has reproduced this\n behavior in their products and coded a Service Pack fix which is\n currently in regression testing in AdventNet Inc.'s Q.A. \n organization. The release of AdventNet Inc's. Service Pack\n correcting the behavior outlined in VU#617947, and OUSPG#0100 is\n scheduled to be generally available to all of AdventNet Inc.'s\n customers by February 20, 2002. \n\nAvaya\n\n Avaya Inc. No further information is available at this time. \n\nCacheFlow\n\n The purpose of this email is to advise you that CacheFlow Inc. has\n provided a software update. Please be advised that updated versions\n of the software are now available for all supported CacheFlow\n hardware platforms, and may be obtained by CacheFlow customers at\n the following URL:\n\n http://download.cacheflow.com/\n\n The specific reference to the software update is contained within the\n Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15\n Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149. \n\n RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:\n * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm\n\n RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:\n * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm\n * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm\n * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm\n\n * SR 1-1647517, VI 13045: This update modified a potential\n vulnerability by using an SNMP test tools exploit. \n\n3Com Corporation\n\n A vulnerability to an SNMP packet with an invalid length community\n string has been resolved in the following products. Customers\n concerned about this weakness should ensure that they upgrade to\n the following agent versions:\n PS Hub 40\n 2.16 is due Feb 2002\n PS Hub 50\n 2.16 is due Feb 2002\n Dual Speed Hub\n 2.16 is due Jan 2002\n Switch 1100/3300\n 2.68 is available now\n Switch 4400\n 2.02 is available now\n Switch 4900\n 2.04 is available now\n WebCache1000/3000\n 2.00 is due Jan 2002\n\nCaldera\n\n Caldera International, Inc. has reproduced faulty behavior in\n Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX\n 8. We have coded a software fix for supported versions of Caldera\n UnixWare 7 and Caldera Open UNIX 8 that will be available from\n our support site at http://stage.caldera.com/support/security\n immediately following the publication of this CERT announcement. A\n fix for supported versions of OpenServer 5 will be available at a\n later date. \n\nCisco Systems\n\n Cisco Systems is addressing the vulnerabilities identified by\n VU#854306 and VU#107186 across its entire product line. Cisco will\n publish a security advisory with further details at\n http://www.cisco.com/go/psirt/. \n\nCompaq Computer Corporation\n\n x-ref: SSRT0779U SNMP\n At the time of writing this document, COMPAQ continues to evaluate\n this potential problem and when new versions of SNMP are available,\n COMPAQ will implement solutions based on the new code. Compaq will\n provide notice of any new patches as a result of that effort\n through standard patch notification procedures and be available\n from your normal Compaq Services support channel. \n\nComputer Associates\n\n Computer Associates has confirmed Unicenter vulnerability to the\n SNMP advisory identified by CERT notification reference [VU#107186\n & VU#854306] and OUSPG#0100. We have produced corrective\n maintenance to address these vulnerabilities, which is in the\n process of publication for all applicable releases / platforms and\n will be offered through the CA Support site. Please contact our\n Technical Support organization for information regarding\n availability / applicability for your specific configuration(s). \n\nCOMTEK Services, Inc. \n\n NMServer for AS/400 is not an SNMP master and is therefore not\n vulnerable. However this product requires the use of the AS/400\n SNMP master agent supplied by IBM. \n\n NMServer for OpenVMS has been tested and has shown to be\n vulnerable. COMTEK Services is preparing a new release of this\n product (version 3.5) which will contain a fix for this problem. \n This new release is scheduled to be available in February 2002. \n Contact COMTEK Services for further information. \n\n NMServer for VOS has not as yet been tested; vulnerability of this\n agent is unknown. Contact for further information on the testing\n schedule of the VOS product. \n\nCovalent Technologies\n\n Covalent Technologies ERS (Enterprise Ready Server), Secure Server,\n and Conductor SNMP module are not vulnerable according to testing\n performed in accordance with CERT recommendations. Security\n information for Covalent products can be found at www.covalent.net\n\nDartware, LLC\n\n Dartware, LLC (www.dartware.com) supplies two products that use\n SNMPv1 in a manager role, InterMapper and SNMP Watcher. This statement applies to all present\n and past versions of these two software packages. \n\nDMH Software\n\n DMH Software is in the process of evaluating and attempting to\n reproduce this behavior. \n It is unclear at this point if our snmp-agent is sensitive to the\n tests described above. \n If any problems will be discovered, DMH Software will code a\n software fix. \n The release of DMH Software OS correcting the behavior outlined in\n VU#854306, VU#107186, and OUSPG#0100 will be generally available to\n all of DMH Software's customers as soon as possible. \n\nEnGarde Secure Linux\n\n EnGarde Secure Linux did not ship any SNMP packages in version\n 1.0.1 of our distribution, so we are not vulnerable to either bug. \n\nFreeBSD\n\n FreeBSD does not include any SNMP software by default, and so is\n not vulnerable. However, the FreeBSD Ports Collection contains the\n UCD-SNMP / NET-SNMP package. Package versions prior to\n ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release\n will ship the corrected version of the UCD-SNMP / NET-SNMP\n package. In addition, the corrected version of the packages is\n available from the FreeBSD mirrors. \n\n FreeBSD has issued the following FreeBSD Security Advisory\n regarding the UCD-SNMP / NET-SNMP package:\n ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09. \n snmp.asc. \n\nHewlett-Packard Company\n\n SUMMARY - known vulnerable:\n ========================================\n hp procurve switch 2524\n NNM (Network Node Manager)\n JetDirect Firmware (Older versions only)\n HP-UX Systems running snmpd or OPENVIEW\n MC/ServiceGuard\n EMS\n Still under investigation:\n SNMP/iX (MPE/iX)\n ========================================\n _________________________________________________________\n ---------------------------------------------------------\n hp procurve switch 2524 \n ---------------------------------------------------------\n hp procurve switch 2525 (product J4813A) is vulnerable to some\n issues, patches in process. Watch for the associated HP\n Security Bulletin. \n ---------------------------------------------------------\n NNM (Network Node Manager)\n ---------------------------------------------------------\n Some problems were found in NNM product were related to\n trap handling. Patches in process. Watch for the\n associated HP Security Bulletin. \n ---------------------------------------------------------\n JetDirect Firmware (Older versions only)\n ---------------------------------------------------------\n ONLY some older versions of JetDirect Firmware are\n vulnerable to some of the issues. The older firmware\n can be upgraded in most cases, see list below. \n JetDirect Firmware Version State\n ========================== =====\n X.08.32 and higher NOT Vulnerable\n X.21.00 and higher NOT Vulnerable\n JetDirect Product Numbers that can be freely\n upgraded to X.08.32 or X.21.00 or higher firmware. \n EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)\n J3110A 10T\n J3111A 10T/10B2/LocalTalk\n J3112A Token Ring (discontinued)\n J3113A 10/100 (discontinued)\n J4169A 10/100\n J4167A Token Ring\n MIO (Peripherals LaserJet 4, 4si, 5si, etc...)\n J2550A/B 10T (discontinued)\n J2552A/B 10T/10Base2/LocalTalk (discontinued)\n J2555A/B Token Ring (discontinued)\n J4100A 10/100\n J4105A Token Ring\n J4106A 10T\n External Print Servers\n J2591A EX+ (discontinued)\n J2593A EX+3 10T/10B2 (discontinued)\n J2594A EX+3 Token Ring (discontinued)\n J3263A 300X 10/100\n J3264A 500X Token Ring\n J3265A 500X 10/100\n ----------------------------------------------------------\n HP-UX Systems running snmpd or OPENVIEW\n ----------------------------------------------------------\n The following patches are available now:\n PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch\n PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch\n PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated\n Patch\n All three patches are available from:\n http://support.openview.hp.com/cpe/patches/\n In addition PHSS_26137 and PHSS_26138 will soon be available from:\n http://itrc.hp.com\n ================================================================\n NOTE: The patches are labeled OV(Open View). However, the patches\n are also applicable to systems that are not running Open View. \n =================================================================\n Any HP-UX 10.X or 11.X system running snmpd or snmpdm is\n vulnerable. \n To determine if your HP-UX system has snmpd or snmpdm installed:\n swlist -l file | grep snmpd\n If a patch is not available for your platform or you cannot install\n an available patch, snmpd and snmpdm can be disabled by removing\n their\n entries from /etc/services and removing the execute permissions\n from\n /usr/sbin/snmpd and /usr/sbin/snmpdm. \n ----------------------------------------------------------------\n Investigation completed, systems vulnerable. \n ----------------------------------------------------------------\n MC/ServiceGuard\n Event Monitoring System (EMS)\n ----------------------------------------------------------------\n Still under investigation:\n ----------------------------------------------------------------\n SNMP/iX (MPE/iX)\n\nHirschmann Electronics GmbH & Co. KG\n\n Hirschmann Electronics GmbH & Co. KG supplies a broad range of\n networking products, some of which are affected by the SNMP\n vulnerabilities identified by CERT Coordination Center. Hirschmann customers may contact our Competence\n Center (phone +49-7127-14-1538, email:\n ans-support@nt.hirschmann.de) for additional information,\n especially regarding availability of latest firmware releases\n addressing the SNMP vulnerabilities. \n\nIBM Corporation\n\n Based upon the results of running the test suites we have\n determined that our version of SNMP shipped with AIX is NOT\n vulnerable. \n\nInnerdive Solutions, LLC\n\n Innerdive Solutions, LLC has two SNMP based products:\n 1. The \"SNMP MIB Scout\"\n (http://www.innerdive.com/products/mibscout/)\n 2. The \"Router IP Console\" (http://www.innerdive.com/products/ric/)\n The \"SNMP MIB Scout\" is not vulnerable to either bug. \n The \"Router IP Console\" releases prior to 3.3.0.407 are vulnerable. \n The release of \"Router IP Console\" correcting the behavior outlined\n in OUSPG#0100 is 3.3.0.407 and is already available on our site. \n Also, we will notify all our customers about this new release no\n later than March 5, 2002. \n\nJuniper Networks\n\n This is in reference to your notification regarding CAN-2002-0012\n and CAN-2002-0013. Juniper Networks has reproduced this behavior\n and coded a software fix. The fix will be included in all releases\n of JUNOS Internet software built after January 5, 2002. Customers\n with current support contracts can download new software with the\n fix from Juniper's web site at www.juniper.net. \n Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can\n only be reproduced in JUNOS Internet software if certain tracing\n options are enabled. These options are generally not enabled in\n production routers. \n\nLantronix, Inc. \n\n Lantronix is committed to resolving security issues with our\n products. The SNMP security bug you reported has been fixed in LRS\n firmware version B1.3/611(020123). \n\nLotus Development Corporation\n\n Lotus Software evaluated the Lotus Domino Server for\n vulnerabilities using the test suite materials provided by OUSPG. \n This problem does not affect default installations of the Domino\n Server. However, SNMP agents can be installed from the CD to\n provide SNMP services for the Domino Server (these are located in\n the /apps/sysmgmt/agents directory). The optional platform\n specific master and encapsulator agents included with the Lotus\n Domino SNMP Agents for HP-UX and Solaris have been found to be\n vulnerable. For those platforms, customers should upgrade to\n version R5.0.1 a of the Lotus Domino SNMP Agents, available for\n download from the Lotus Knowledge Base on the IBM Support Web Site\n (http://www.ibm.com/software/lotus/support/). Please refer to\n Document #191059, \"Lotus Domino SNMP Agents R5.0.1a\", also in the\n Lotus Knowledge Base, for more details. \n\nLOGEC Systems Inc\n\n The products from LOGEC Systems are exposed to SNMP only via HP\n OpenView. We do not have an implementation of SNMP ourselves. As\n such, there is nothing in our products that would be an issue with\n this alert. \n\nLucent\n\n Lucent is aware of reports that there is a vulnerability in certain\n implementations of the SNMP (Simple Network Management Protocol)\n code that is used in data switches and other hardware throughout\n the telecom industry. \n As soon as we were notified by CERT, we began assessing our product\n portfolio and notifying customers with products that might be\n affected. \n Our 5ESS switch and most of our optical portfolio were not\n affected. Our core and edge ATM switches and most of our edge\n access products are affected, but we have developed, tested, and\n deployed fixes for many of those products to our customers. \n We consider the security and reliability of our customers' networks\n to be one of our critical measures of success. We take every\n reasonable measure to ensure their satisfaction. \n In addition, we are working with customers on ways to further\n enhance the security they have in place today. \n\nMarconi\n\n Marconi supplies a broad range of telecommunications and related\n products, some of which are affected by the SNMP vulnerabilities\n identified here. Those\n Marconi customers with support entitlement may contact the\n appropriate Technical Assistance Center (TAC) for additional\n information. Those not under support entitlement may contact their\n sales representative. \n\nMicrosoft Corporation\n\n The Microsoft Security Reponse [sic] Center has investigated this\n issue, and provides the following information. The SNMP v1 service is not installed or running by\n default on any version of Windows. A patch is underway to eliminate\n the vulnerability. In the meantime, we recommend that affected\n customers disable the SNMP v1 service. \n\n Details:\n An SNMP v1 service ships on the CDs for Windows 95, 98, and 98SE. \n It is not installed or running by default on any of these\n platforms. An SNMP v1 is NOT provided for Windows ME. However, it\n is possible that Windows 98 machines which had the service\n installed and were upgraded would still have the service. Since\n SNMP is not supported for WinME, customers in this situation are\n urged to remove the SNMP service. \n An SNMP v1 service is available on Windows NT 4.0 (including\n Terminal Server Edition) and Windows 2000 but is not installed or\n running by default on any of these platforms.Windows XP does not\n ship with an SNMP v1 service. \n\n Remediation:\n A patch is underway for the affected platforms, and will be\n released shortly. In the meantime, Microsoft recommends that\n customers who have the SNMP v1 service running disable it to\n protect their systems. Following are instruction for doing this:\n\n Windows 95, 98 and 98SE:\n 1. In Control Panel, double-click Network. \n 2. On the Configuration tab, select Microsoft SNMP Agent from the\n list of installed components. \n 3. Click Remove\n\n Check the following keys and confirm that snmp.exe is not listed. \n HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunSer\n vices\n HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n \n For Windows XP:\n 1. Right-click on My Computer and select Manage\n 2. Click on Services and Applications, then on Services\n 3. Location SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close the Computer\n Management window. \n \n For Windows NT 4.0 (including Terminal Server Edition):\n 1. Select Start, then Settings. \n 2. Select Control Panel, then click on the Services Icon\n 3. Locate SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close Control Panel\n\n Windows 2000:\n 1. Right-click on My Computer and select Manage\n 2. Click on Services and Applications, then on Services\n 3. Location SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close the Computer\n Management window. \n\nMultinet\n\n MultiNet and TCPware customers should contact Process Software to\n check for the availability of patches for this issue. A couple of\n minor problems were found and fixed, but there is no security risk\n related to the SNMP code included with either product. \n\nNetaphor\n\n NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP\n Manager Toolkit and Cyberons for Java -- NMS Application Toolkit,\n two Java based products that may be affected by the SNMP\n vulnerabilities identified here. The manner in which they are\n affected and the actions required (if any) to avoid being impacted\n by exploitation of these vulnerabilities, may be obtained by\n contacting Netaphor via email at info@netaphor.com Customers with\n annual support may contact support@netaphor.com directly. Those not\n under support entitlement may contact Netaphor sales:\n sales@netaphor.com or (949) 470 7955 in USA. \n\nNetBSD\n\n NetBSD does not ship with any SNMP tools in our 'base' releases. We\n do provide optional packages which provide various support for\n SNMP. These packages are not installed by default, nor are they\n currently provided as an install option by the operating system\n installation tools. A system administrator/end-user has to manually\n install this with our package management tools. These SNMP packages\n include:\n + netsaint-plugin-snmp-1.2.8.4 (SNMP monitoring plug-in for\n netsaint)\n + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)\n + p5-SNMP-3.1.0 (Perl5 module for interfacing to the UCD SNMP\n library\n + p5-SNMP_Session-0.83 (perl5 module providing rudimentary\n access to remote SNMP agents)\n + ucd-snmp-4.2.1 (Extensible SNMP implementation) (conflicts\n with ucd-snmp-4.1.2)\n + ucd-snmp-4.1.2 (Extensible SNMP implementation) (conflicts\n with ucd-snmp-4.2.1)\n\n We do provide a software monitoring mechanism called\n 'audit-packages', which allows us to highlight if a package with a\n range of versions has a potential vulnerability, and recommends\n that the end-user upgrade the packages in question. \n\nNetscape Communications Corporation\n\n Netscape continues to be committed to maintaining a high level of\n quality in our software and service offerings. Part of this\n commitment includes prompt response to security issues discovered\n by organizations such as the CERT Coordination Center. \n According to a recent CERT/CC advisory, The Oulu University Secure\n Programming Group (OUSPG) has reported numerous vulnerabilities in\n multiple vendor SNMPv1 implementations. \n We have carefully examined the reported findings, performing the\n tests suggested by the OUSPG to determine whether Netscape server\n products were subject to these vulnerabilities. It was determined\n that several products fell into this category. As a result, we have\n created fixes which will resolve the issues, and these fixes will\n appear in future releases of our product line. To Netscape's\n knowledge, there are no known instances of these vulnerabilities\n being exploited and no customers have been affected to date. \n When such security warnings are issued, Netscape has committed to -\n and will continue to commit to - resolving these issues in a prompt\n and timely fashion, ensuring that our customers receive products of\n the highest quality and security. \n\nNET-SNMP\n\n All ucd-snmp version prior to 4.2.2 are susceptible to this\n vulnerability and users of versions prior to version 4.2.2 are\n encouraged to upgrade their software as soon as possible\n (http://www.net-snmp.org/download/). Version 4.2.2 and higher are\n not susceptible. \n\nNetwork Associates\n\n PGP is not affected, impacted, or otherwise related to this VU#. \n\nNetwork Computing Technologies\n\n Network Computing Technologies has reviewed the information\n regarding SNMP vulnerabilities and is currently investigating the\n impact to our products. \n\nNokia\n\n This vulnerability is known to affect IPSO versions 3.1.3, 3.3,\n 3.3.1, 3.4, and 3.4.1. Patches are currently available for\n versions 3.3, 3.3.1, 3.4 and 3.4.1 for download from the Nokia\n website. In addition, version 3.4.2 shipped with the patch\n incorporated, and the necessary fix will be included in all future\n releases of IPSO. \n We recommend customers install the patch immediately or follow the\n recommended precautions below to avoid any potential exploit. \n If you are not using SNMP services, including Traps, simply disable\n the SNMP daemon to completely eliminate the potential\n vulnerability. \n If you are using only SNMP Traps and running Check Point\n FireWall-1, create a firewall policy to disallow incoming SNMP\n messages on all appropriate interfaces. Traps will continue to work\n normally. \n\nNortel Networks\n\n The CERT Coordination Center has issued a broad based alert to the\n technology industry, including Nortel Networks, regarding potential\n security vulnerabilities identified in the Simple Network\n Management Protocol (SNMP), a common networking standard. The\n company is working with CERT and other network equipment\n manufacturers, the U.S. Government, service providers, and software\n suppliers to assess and address this issue. \n\nNovell\n\n Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x\n and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on\n NetWare are fixed and will be available through NetWare 6 Support\n Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at\n http://support.novell.com/tools/csp/\n\nOpenBSD\n\n OpenBSD does not ship SNMP code. \n\nQualcomm\n\n WorldMail does not support SNMP by default, so customers who run\n unmodified installations are not vulnerable. \n\nRedback Networks, Inc. \n\n Redback Networks, Inc. has identified that the vulnerability in\n question affects certain versions of AOS software on the SMS 500,\n SMS 1800, and SMS 10000 platforms, and is taking the appropriate\n steps necessary to correct the issue. \n\nRed Hat\n\n RedHat has released a security advisiory [sic] at\n http://www.redhat.com/support/errata/RHSA-2001-163.html\n with updated versions of the ucd-snmp package for all supported\n releases and architectures. For more information or to download the\n update please visit this page. \n\nSGI\n\n SGI acknowledges the SNMP vulnerabilities reported by CERT and is\n currently investigating. No further information is available at\n this time. \n For the protection of all our customers, SGI does not disclose,\n discuss or confirm vulnerabilities until a full investigation has\n occurred and any necessary patch(es) or release streams are\n available for all vulnerable and supported IRIX operating systems. \n Until SGI has more definitive information to provide, customers are\n encouraged to assume all security vulnerabilities as exploitable\n and take appropriate steps according to local site security\n policies and requirements. As further information becomes\n available, additional advisories will be issued via the normal SGI\n security information distribution methods including the wiretap\n mailing list on http://www.sgi.com/support/security/. \n\nSNMP Research International\n\n SNMP Research has made the following vendor statement. They are\n likely to revise and expand the statement as the date for the\n public vulnerability announcement draws nearer. Users maintaining\n earlier releases should update to the current release if they have\n not already done so. Up-to-date information is available from\n support@snmp.com. Other Stonesoft's products are\n still under investigation. As further information becomes\n available, additional advisories will be available at\n http://www.stonesoft.com/support/techcenter/\n\nSun Microsystems, Inc. \n\n Sun's SNMP product, Solstice Enterprise Agents (SEA), described\n here:\n http://www.sun.com/solstice/products/ent.agents/\n is affected by VU#854306 but not VU#107186. More specifically the\n main agent of SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. \n Sun is currently generating patches for this issue and will be\n releasing a Sun Security Bulletin once the patches are available. \n The bulletin will be available from:\n http://sunsolve.sun.com/security. Sun patches are available from:\n http://sunsolve.sun.com/securitypatch. \n\nSymantec Corporation\n\n Symantec Corporation has investigated the SNMP issues identified by\n the OUSPG test suite and determined that Symantec products are not\n susceptable [sic] to these issues. \n\nTANDBERG\n\n Tandberg have run all the testcases found the PROTOS test-suie\n [sic], c06snmpv1:\n 1. c06-snmpv1-trap-enc-pr1.jar\n 2. c06-snmpv1-treq-app-pr1.jar\n 3. c06-snmpv1-trap-enc-pr1.jar\n 4. c06-snmpv1-req-app-pr1.jar\n The tests were run with standard delay time between the requests\n (100ms), but also with a delay of 1ms. The tests applies to all\n TANDBERG products (T500, T880, T1000, T2500, T6000 and T8000). The\n software tested on these products were B4.0 (our latest software)\n and no problems were found when running the test suite. \n\nAppendix B. - References\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/854306\n 3. http://www.kb.cert.org/vuls/id/107186\n 4. http://www.cert.org/tech_tips/denial_of_service.html\n 5. http://www.ietf.org/rfc/rfc1067.txt\n 6. http://www.ietf.org/rfc/rfc1089.txt\n 7. http://www.ietf.org/rfc/rfc1140.txt\n 8. http://www.ietf.org/rfc/rfc1155.txt\n 9. http://www.ietf.org/rfc/rfc1156.txt\n 10. http://www.ietf.org/rfc/rfc1215.txt\n 11. http://www.ietf.org/rfc/rfc1270.txt\n 12. http://www.ietf.org/rfc/rfc1352.txt\n\nAppendix C. - Background Information\n\n Background Information on the OUSPG\n\n OUSPG is an academic research group located at Oulu University in\n Finland. The purpose of this research group is to test software\n for vulnerabilities. \n History has shown that the techniques used by the OUSPG have\n discovered a large number of previously undetected problems in the\n products and protocols they have tested. In 2001, the OUSPG\n produced a comprehensive test suite for evaluating implementations\n of the Lightweight Directory Access Protocol (LDAP). This test\n suite was developed with the strategy of abusing the protocol in\n unsupported and unexpected ways, and it was very effective in\n uncovering a wide variety of vulnerabilities across several\n products. This approach can reveal vulnerabilities that would not\n manifest themselves under normal conditions. \n After completing its work on LDAP, OUSPG moved its focus to\n SNMPv1. As with LDAP, they designed a custom test suite, began\n testing a selection of products, and found a number of\n vulnerabilities. Because OUSPG's work on LDAP was similar in\n procedure to its current work on SNMP, you may wish to review the\n LDAP Test Suite and CERT Advisory CA-2001-18, which outlined\n results of application of the test suite. \n In order to test the security of protocols like SNMPv1, the PROTOS\n project presents a server with a wide variety of sample packets\n containing unexpected values or illegally formatted data. As a\n member of the PROTOS project consortium, the OUSPG used the PROTOS\n c06-snmpv1 test suite to study several implementations of the\n SNMPv1 protocol. \n\n Background Information on the Simple Network Management Protocol\n \n The Simple Network Management Protocol (SNMP) is the most popular\n protocol in use to manage networked devices. SNMP was designed in\n the late 80's to facilitate the exchange of management information\n between networked devices, operating at the application layer of\n the ISO/OSI model. The SNMP protocol enables network and system\n administrators to remotely monitor and configure devices on the\n network (devices such as switches and routers). Software and\n firmware products designed for networks often make use of the SNMP\n protocol. SNMP runs on a multitude of devices and operating\n systems, including, but not limited to,\n + Core Network Devices (Routers, Switches, Hubs, Bridges, and\n Wireless Network Access Points)\n + Operating Systems\n + Consumer Broadband Network Devices (Cable Modems and DSL\n Modems)\n + Consumer Electronic Devices (Cameras and Image Scanners)\n + Networked Office Equipment (Printers, Copiers, and FAX\n Machines)\n + Network and Systems Management/Diagnostic Frameworks (Network\n Sniffers and Network Analyzers)\n + Uninterruptible Power Supplies (UPS)\n + Networked Medical Equipment (Imaging Units and Oscilloscopes)\n + Manufacturing and Processing Equipment\n The SNMP protocol is formally defined in RFC1157. Quoting from\n that RFC:\n\n Implicit in the SNMP architectural model is a collection\n of network management stations and network elements. \n Network management stations execute management\n applications which monitor and control network elements. \n Network elements are devices such as hosts, gateways,\n terminal servers, and the like, which have management\n agents responsible for performing the network management\n functions requested by the network management stations. \n The Simple Network Management Protocol (SNMP) is used to\n communicate management information between the network\n management stations and the agents in the network\n elements. \n\n Additionally, SNMP is discussed in a number of other RFC\n documents:\n + RFC 3000 Internet Official Protocol Standards\n + RFC 1212 Concise MIB Definitions\n + RFC 1213 Management Information Base for Network Management\n of TCP/IP-based Internets: MIB-II\n + RFC 1215 A Convention for Defining Traps for use with the\n SNMP\n + RFC 1270 SNMP Communications Services\n + RFC 2570 Introduction to Version 3 of the Internet-standard\n Network Management Framework\n + RFC 2571 An Architecture for Describing SNMP Management\n Frameworks\n + RFC 2572 Message Processing and Dispatching for the Simple\n Network Management Protocol (SNMP)\n + RFC 2573 SNMP Applications\n + RFC 2574 User-based Security Model (USM) for version 3 of the\n Simple Network Management Protocol (SNMPv3)\n + RFC 2575 View-based Access Control Model (VACM) for the\n Simple Network Management Protocol (SNMP)\n + RFC 2576 Coexistence between Version 1, Version 2, and\n Version 3 of the Internet-standard Network Management\n Framework\n _____________________________________________________________\n\n The CERT Coordination Center thanks the Oulu University Secure\n Programming Group for reporting these vulnerabilities to us, for\n providing detailed technical analyses, and for assisting us in\n preparing this advisory. We also thank Steven M. Bellovin (AT&T\n Labs -- Research), Wes Hardaker (Net-SNMP), Steve Moulton (SNMP\n Research), Tom Reddington (Bell Labs), Mike Duckett (Bell South),\n Rob Thomas, Blue Boar (Thievco), and the many others who\n contributed to this document. \n _____________________________________________________________\n\n Feedback on this document can be directed to the authors, Ian A. \n Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. \n Householder, Marty Lindner, and Art Manion. \n __________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2002-03.html\n __________________________________________________________________\n\n CERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n \n Using encryption\n We strongly urge you to encrypt sensitive information sent by\n email. Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n If you prefer to use DES, please call the CERT hotline for more\n information. \n \n Getting security information\n CERT publications and other security information are available\n from our web site\n http://www.cert.org/\n To subscribe to the CERT mailing list for advisories and\n bulletins, send email to majordomo@cert.org. Please include in the\n body of your message\n \n subscribe cert-advisory\n \n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n __________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the\n Software Engineering Institute is furnished on an \"as is\" basis. \n Carnegie Mellon University makes no warranties of any kind, either\n expressed or implied as to any matter including, but not limited\n to, warranty of fitness for a particular purpose or\n merchantability, exclusivity or results obtained from use of the\n material. Carnegie Mellon University does not make any warranty of\n any kind with respect to freedom from patent, trademark, or\n copyright infringement. \n _____________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n Copyright 2002 Carnegie Mellon University. \n\nRevision History\n\n February 12, 2002: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPGltxKCVPMXQI2HJAQGVeAQAuHtxGBsmU5HI6PtqhpZ1rkpV+Cq3ChIU\nR1FUz4Zi2vzklH8jdXd10KqwZAPhXTPazeguhRyLVSUprMlSKqcXg3BCkH/y4WAl\nQUZ1VnQXMnMrxIJO1fv0WW0pcyM4W0iQBl0kCIlawPcjCGVniOCOr+4CE0f923wr\nuZiMJ5f2SEo=\n=h42e\n-----END PGP SIGNATURE-----\n", sources: [ { db: "NVD", id: "CVE-1999-1570", }, { db: "CERT/CC", id: "VU#107186", }, { db: "CERT/CC", id: "VU#854306", }, { db: "BID", id: "4732", }, { db: "BID", id: "4089", }, { db: "BID", id: "4132", }, { db: "PACKETSTORM", id: "25758", }, ], trust: 3.24, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "BID", id: "4089", trust: 2.7, }, { db: "BID", id: "4132", trust: 1.9, }, { db: "BID", id: "4732", trust: 1.9, }, { db: "NVD", id: "CVE-1999-1570", trust: 1.9, }, { db: "CERT/CC", id: "VU#107186", trust: 0.9, }, { db: "CERT/CC", id: "VU#854306", trust: 0.9, }, { db: "BID", id: "4088", trust: 0.8, }, { db: "VULN-DEV", id: "20020509 SAR -O EXPLOITATION PROCESS INFO.", trust: 0.6, }, { db: "XF", id: "8989", trust: 0.6, }, { db: "BUGTRAQ", id: "19990909 19 SCO 5.0.5+SKUNWARE98 BUFFER OVERFLOWS", trust: 0.6, }, { db: "CALDERA", id: "CSSA-2002-SCO.17", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-200205-001", trust: 0.6, }, { db: "PACKETSTORM", id: "25758", trust: 0.1, }, ], sources: [ { db: "CERT/CC", id: "VU#107186", }, { db: "CERT/CC", id: "VU#854306", }, { db: "BID", id: "4732", }, { db: "BID", id: "4089", }, { db: "BID", id: "4132", }, { db: "PACKETSTORM", id: "25758", }, { db: "CNNVD", id: "CNNVD-200205-001", }, { db: "NVD", id: "CVE-1999-1570", }, ], }, id: "VAR-200205-0149", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.42828385666666663, }, last_update_date: "2024-08-14T13:40:38.790000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-1999-1570", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "http://www.securityfocus.com/bid/4089", }, { trust: 1.7, url: "http://www.ee.oulu.fi/research/ouspg/protos/", }, { trust: 1.7, url: "http://www.cert.org/tech_tips/denial_of_service.html", }, { trust: 1.7, url: "http://www.ietf.org/rfc/rfc1215.txt", }, { trust: 1.7, url: "http://www.ietf.org/rfc/rfc1270.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc3000.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc1212.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc1213.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc2570.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc2571.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc2572.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc2573.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc2574.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc2575.txt", }, { trust: 1.6, url: "http://www.ietf.org/rfc/rfc2576.txt", }, { trust: 1.6, url: "http://online.securityfocus.com/bid/4132", }, { trust: 1.6, url: "http://online.securityfocus.com/bid/4732", }, { trust: 1.6, url: "http://www.iss.net/security_center/static/8989.php", }, { trust: 1.6, url: "ftp://stage.caldera.com/pub/security/openserver/cssa-2002-sco.17/cssa-2002-sco.17.txt", }, { trust: 1.6, url: "http://online.securityfocus.com/archive/1/27074", }, { trust: 1, url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, { trust: 0.8, url: "http://www.securityfocus.com/bid/4088", }, { trust: 0.7, url: "http://www.cert.org/advisories/ca-2002-03.html", }, { trust: 0.6, url: "http://marc.theaimsgroup.com/?l=vuln-dev&m=102098949103708&w=2", }, { trust: 0.3, url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605", }, { trust: 0.3, url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f42769", }, { trust: 0.3, url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f43365", }, { trust: 0.3, url: "http://online.securityfocus.com/news/474", }, { trust: 0.3, url: "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-006.asp", }, { trust: 0.3, url: "http://otn.oracle.com/deploy/security/pdf/snmp_2002_alert.pdf", }, { trust: 0.3, url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f46343", }, { trust: 0.3, url: "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml", }, { trust: 0.3, url: "http://www.cisco.com/public/sw-center/sw-ios.shtml", }, { trust: 0.3, url: "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml", }, { trust: 0.1, url: "http://www.ietf.org/rfc/rfc1352.txt", }, { trust: 0.1, url: "http://www.redhat.com/support/errata/rhsa-2001-163.html", }, { trust: 0.1, url: "http://www.cert.org/tech_tips/snmp_faq.html", }, { trust: 0.1, url: "http://download.cacheflow.com/release/ca/4.1.02/relnotes.htm", }, { trust: 0.1, url: "http://www.innerdive.com/products/ric/)", }, { trust: 0.1, url: "http://www.kb.cert.org/vuls/id/107186", }, { trust: 0.1, url: "https://www.juniper.net.", }, { trust: 0.1, url: "http://sunsolve.sun.com/securitypatch.", }, { trust: 0.1, url: "http://www.kb.cert.org/vuls/id/854306", }, { trust: 0.1, url: "http://www.cisco.com/go/psirt/.", }, { trust: 0.1, url: "http://download.cacheflow.com/release/ca/4.0.15/relnotes.htm", }, { trust: 0.1, url: "http://www.ietf.org/rfc/rfc1067.txt", }, { trust: 0.1, url: "https://www.dartware.com)", }, { trust: 0.1, url: "http://www.ietf.org/rfc/rfc1140.txt", }, { trust: 0.1, url: "http://itrc.hp.com", }, { trust: 0.1, url: "http://www.sun.com/solstice/products/ent.agents/", }, { trust: 0.1, url: "http://stage.caldera.com/support/security", }, { trust: 0.1, url: "http://www.ee.oulu.fi/research/ouspg/)", }, { trust: 0.1, url: "http://www.net-snmp.org/download/).", }, { trust: 0.1, url: "http://www.cert.org/", }, { trust: 0.1, url: "http://www.cert.org/cert_pgp.key", }, { trust: 0.1, url: "http://www.ibm.com/software/lotus/support/).", }, { trust: 0.1, url: "http://download.cacheflow.com/release/sa/4.0.15/relnotes.htm", }, { trust: 0.1, url: "http://download.cacheflow.com/", }, { trust: 0.1, url: "http://www.ietf.org/rfc/rfc1156.txt", }, { trust: 0.1, url: "http://support.novell.com/tools/csp/", }, { trust: 0.1, url: "http://support.openview.hp.com/cpe/patches/", }, { trust: 0.1, url: "https://www.covalent.net", }, { trust: 0.1, url: "http://www.innerdive.com/products/mibscout/)", }, { trust: 0.1, url: "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/0100.h", }, { trust: 0.1, url: "http://sunsolve.sun.com/security.", }, { trust: 0.1, url: "http://www.ietf.org/rfc/rfc1155.txt", }, { trust: 0.1, url: "http://www.stonesoft.com/support/techcenter/", }, { trust: 0.1, url: "http://www.sgi.com/support/security/.", }, { trust: 0.1, url: "http://www.ietf.org/rfc/rfc1089.txt", }, { trust: 0.1, url: "http://download.cacheflow.com/release/ca/3.1.22/relnotes.htm", }, ], sources: [ { db: "CERT/CC", id: "VU#107186", }, { db: "CERT/CC", id: "VU#854306", }, { db: "BID", id: "4732", }, { db: "BID", id: "4089", }, { db: "BID", id: "4132", }, { db: "PACKETSTORM", id: "25758", }, { db: "CNNVD", id: "CNNVD-200205-001", }, { db: "NVD", id: "CVE-1999-1570", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#107186", }, { db: "CERT/CC", id: "VU#854306", }, { db: "BID", id: "4732", }, { db: "BID", id: "4089", }, { db: "BID", id: "4132", }, { db: "PACKETSTORM", id: "25758", }, { db: "CNNVD", id: "CNNVD-200205-001", }, { db: "NVD", id: "CVE-1999-1570", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2002-01-16T00:00:00", db: "CERT/CC", id: "VU#107186", }, { date: "2002-02-12T00:00:00", db: "CERT/CC", id: "VU#854306", }, { date: "2002-05-13T00:00:00", db: "BID", id: "4732", }, { date: "2002-02-12T00:00:00", db: "BID", id: "4089", }, { date: "2002-02-12T00:00:00", db: "BID", id: "4132", }, { date: "2002-02-12T22:54:19", db: "PACKETSTORM", id: "25758", }, { date: "2002-02-12T00:00:00", db: "CNNVD", id: "CNNVD-200205-001", }, { date: "2002-05-01T04:00:00", db: "NVD", id: "CVE-1999-1570", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2007-11-07T00:00:00", db: "CERT/CC", id: "VU#107186", }, { date: "2007-11-07T00:00:00", db: "CERT/CC", id: "VU#854306", }, { date: "2002-05-13T00:00:00", db: "BID", id: "4732", }, { date: "2009-07-11T10:56:00", db: "BID", id: "4089", }, { date: "2002-02-12T00:00:00", db: "BID", id: "4132", }, { date: "2005-10-20T00:00:00", db: "CNNVD", id: "CNNVD-200205-001", }, { date: "2016-10-18T02:06:04.880000", db: "NVD", id: "CVE-1999-1570", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "4732", }, { db: "BID", id: "4089", }, { db: "BID", id: "4132", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple vulnerabilities in SNMPv1 trap handling", sources: [ { db: "CERT/CC", id: "VU#107186", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "4089", }, { db: "CNNVD", id: "CNNVD-200205-001", }, ], trust: 0.9, }, }
gsd-1999-1570
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
Aliases
Aliases
{ GSD: { alias: "CVE-1999-1570", description: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", id: "GSD-1999-1570", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-1999-1570", ], details: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", id: "GSD-1999-1570", modified: "2023-12-13T01:22:57.909923Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-1999-1570", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "19990909 19 SCO 5.0.5+Skunware98 buffer overflows", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/27074", }, { name: "CSSA-2002-SCO.17", refsource: "CALDERA", url: "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt", }, { name: "4089", refsource: "BID", url: "http://www.securityfocus.com/bid/4089", }, { name: "openserver-sar-bo(8989)", refsource: "XF", url: "http://www.iss.net/security_center/static/8989.php", }, { name: "20020509 Sar -o exploitation process info.", refsource: "VULN-DEV", url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:caldera:openserver:5.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-1999-1570", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], }, ], }, references: { reference_data: [ { name: "4089", refsource: "BID", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4089", }, { name: "openserver-sar-bo(8989)", refsource: "XF", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/8989.php", }, { name: "CSSA-2002-SCO.17", refsource: "CALDERA", tags: [ "Patch", "Vendor Advisory", ], url: "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt", }, { name: "19990909 19 SCO 5.0.5+Skunware98 buffer overflows", refsource: "BUGTRAQ", tags: [], url: "http://online.securityfocus.com/archive/1/27074", }, { name: "20020509 Sar -o exploitation process info.", refsource: "VULN-DEV", tags: [], url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, }, lastModifiedDate: "2016-10-18T02:06Z", publishedDate: "2002-05-01T04:00Z", }, }, }
ghsa-79g8-69hq-h5jh
Vulnerability from github
Published
2022-05-03 03:06
Modified
2022-05-03 03:06
Details
Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
{ affected: [], aliases: [ "CVE-1999-1570", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2002-05-01T04:00:00Z", severity: "HIGH", }, details: "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.", id: "GHSA-79g8-69hq-h5jh", modified: "2022-05-03T03:06:08Z", published: "2022-05-03T03:06:08Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-1999-1570", }, { type: "WEB", url: "http://marc.info/?l=vuln-dev&m=102098949103708&w=2", }, { type: "WEB", url: "http://online.securityfocus.com/archive/1/27074", }, { type: "WEB", url: "http://www.iss.net/security_center/static/8989.php", }, { type: "WEB", url: "http://www.securityfocus.com/bid/4089", }, ], schema_version: "1.4.0", severity: [], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.