Wireshark · Ethereal-users: Re: [Ethereal-users] SNMP decoding. Security Problem.

Ethereal-users: Re: [Ethereal-users] SNMP decoding. Security Problem.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Wed, 13 Feb 2002 12:17:16 -0800 (PST)

> Ethereal uses SNMP module ucd-snmp for decoding.

Ethereal uses either CMU or UCD SNMP, *if* compiled in, to do things
that involve MIB files, such as translating OIDs to names, and
formatting the display string for object variables.

It does *NOT* use them to do ASN.1 parsing, and...

> As mentioned recently on bugtraq, almost all snmp clients and servers have
> security vulnerabilities.

...the security vulnerabilities are, from everything I've seen, in the
ASN.1 parsing code of the SNMP implementations in question - code that
Ethereal does *NOT* use.

There may well be similar bugs in Ethereal's ASN.1 parsing, or its code
to dissect SNMP packets as well...

> There is now an update to ucd-snmp to fix some of the problems.
> 
> Anyone using ethereal in a production environment should get all the latest
> versions of ucd-snmp to help prevent problems.

...but, if there are bugs in it, upgrading to a newer version of UCD
SNMP will *not* fix those bugs.

References:
- [Ethereal-users] SNMP decoding. Security Problem.
  - From: James Courtier-Dutton

Prev by Date: Re: [Ethereal-users] ethereal
Next by Date: Re: [WinPcap] Re: [Ethereal-users] Re: ethereal on Win XP
Previous by thread: [Ethereal-users] SNMP decoding. Security Problem.
Next by thread: [Ethereal-users] ATM
Index(es):
- Date
- Thread