Ethereal-users: Re: [Ethereal-users] SNMP decoding. Security Problem.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 13 Feb 2002 12:17:16 -0800 (PST)
> Ethereal uses SNMP module ucd-snmp for decoding.

Ethereal uses either CMU or UCD SNMP, *if* compiled in, to do things
that involve MIB files, such as translating OIDs to names, and
formatting the display string for object variables.

It does *NOT* use them to do ASN.1 parsing, and...

> As mentioned recently on bugtraq, almost all snmp clients and servers have
> security vulnerabilities.

...the security vulnerabilities are, from everything I've seen, in the
ASN.1 parsing code of the SNMP implementations in question - code that
Ethereal does *NOT* use.

There may well be similar bugs in Ethereal's ASN.1 parsing, or its code
to dissect SNMP packets as well...

> There is now an update to ucd-snmp to fix some of the problems.
> 
> Anyone using ethereal in a production environment should get all the latest
> versions of ucd-snmp to help prevent problems.

...but, if there are bugs in it, upgrading to a newer version of UCD
SNMP will *not* fix those bugs.