[SNMP4J] SNMP4J Vulnerability / Certification
Abernethy, Scott
Scott.Abernethy at HSTX.com
Wed Jul 2 23:34:44 CEST 2008
Thanks for the quick reply Frank.
IMO a statement on the SNMP4J site regarding those two cert
vulnerabilities would be helpful.
Regards,
Scott.
-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com]
Sent: Wednesday, 2 July 2008 7:47 p.m.
To: Abernethy, Scott
Cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] SNMP4J Vulnerability / Certification
Scott,
Obviously, I cannot confirm that "SNMP4J is not vulnerable to *any*
attacks". Sorry, this is not how software works.
SNMP4J is not affected by the latest NET-SNMP bug
(http://www.kb.cert.org/vuls/id/878044)
and it is not affected by
http://www.cert.org/advisories/CA-2002-03.html
You can search the mailing list archive using your favorite search
engine. With Google enter your search string and then append " SNMPv3
site:http://lists.agentpp.org/pipermail/snmp4j"
Best regards,
Frank
Abernethy, Scott wrote:
> I want to confirm that the SNMP4J API is not vulnerable to any
attacks.
> Is the SNMP4J API certified against any vulnerability tests, and if
> so, which? I.e. is it tested with any available tools (e.g.
> SimpleSleuth), and does it pass applicable CERT vulnerability issues
> (e.g. VU#878044), etc?
>
> I've looked all over the snmp4j.org site and through the API
> documentation, but I can't find any mention of this topic.
>
> Thanks,
> Scott.
>
> ps Appologies if this has been previously covered in this mailing
> list
> - without an archive search feature it is very hard to find out.
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
--
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
More information about the SNMP4J
mailing list