SNMP Vulnerabilities

Article ID: JSA10303 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 2.0
Legacy Advisory Id: FA-SW-0202-001
Product Affected:
All releases of JUNOS software prior to January 5, 2002
Problem:
CERT Advisory CA-2002-03 describes a series of tests designed to determine the vulnerability of SNMP implementations. Juniper Networks has evaluated its software using the provided test suites, and has determined that, with one exception, the JUNOS Internet software is not vulnerable to any of the potential exploits.

The only vulnerability found occurred when SNMP PDU tracing was enabled (snmp traceoptions flag pdu). With this trace flag enabled, certain invalid SNMP varbinds can cause the SNMP process to overflow a buffer and terminate. Although one could theoretically use this buffer overflow to gain root access to the router, no known exploit code exists.
Solution:
Stricter checking and validation of all SNMP packets has been implemented in all JUNOS software released on or after January 5th, 2002.
Implementation:
Customers who are running affected JUNOS software released prior to January 5th, 2002, and who also have SNMP PDU tracing enabled, should update their software to a version released on or after January 5th, 2002. This software can be downloaded from the Juniper Networks web site at http://www.juniper/net/support/.

As a work-around, customers can remove "snmp traceoptions flag pdu" from the router's configuration.
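To confirm whether a router still carries the trace flag named in the work-around, a saved configuration can be checked offline. The following is an added example, not Juniper code: the function names and the sample configuration are constructed for illustration, and it assumes the configuration was saved as text in either hierarchical form or "display set" form.

```python
import re

# Statement named in the advisory. An "inactive:" prefix becomes part of the
# parsed path, so an inactive hierarchy never matches TARGET.
TARGET = ["snmp", "traceoptions", "flag", "pdu"]

# Constructed sample in hierarchical "show configuration" form.
SAMPLE_CONFIG = """
snmp {
    community example-ro {
        authorization read-only;
    }
    traceoptions {
        flag pdu;
    }
}
"""

def leaf_paths(config_text):
    """Yield every configuration leaf as a flat list of words."""
    stack, words = [], []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "/*", "deactivate ")):
            continue
        if line.startswith("set "):          # "display set" form: one leaf per line
            yield line.split()[1:]
            continue
        for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', line):
            if tok == "{":                   # descend one level
                stack.append(words)
                words = []
            elif tok == "}":                 # leave the current level
                if stack:
                    stack.pop()
                words = []
            elif tok == ";":                 # end of a leaf statement
                yield [w for level in stack for w in level] + words
                words = []
            else:
                words.append(tok)

def snmp_pdu_tracing_enabled(config_text):
    """True if an active 'snmp traceoptions flag pdu' statement is present."""
    deactivated = [l.split()[1:] for l in config_text.splitlines()
                   if l.strip().startswith("deactivate ")]
    for leaf in leaf_paths(config_text):
        if leaf[:4] == TARGET and not any(leaf[:len(d)] == d for d in deactivated):
            return True
    return False
```

Trace flags under other hierarchies, such as a routing protocol's own traceoptions, are not reported because the match is anchored at the top-level snmp statement.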