Understanding Cert's SNMP Vulnerabilities Suite

Understanding Cert's SNMP Vulnerabilities Suite

Post by sukhp » Fri, 15 Mar 2002 09:20:38

Hello everyone,

I am looking for information to help me understand OULU's SNMP test

Presently, I have been using c06-snmpv1-req-app-r1.jar against SNMP
managed devices. Test 238-242 failed and I am having problems
interpreting what those test exactly do. I went to the OULU web site
I found out that test 3-377 are get-req-version-integer under the
following categories:
1. Overflows with multiple zeroes and integer coded format strings
2. Overflow integers: various very big integers from (+/-)1 to
magnitudes (+/-)2^256 and above
3. Large boundaric integer values (ie. (2^32)+-1, (2^64)+-1,...)

I need to know what test 238-442 do. How are they different from the
other test in the range of 3-377?

Thanks in Advance for any help to this message.



1. Test Suites for CERT SNMP Advisory


I'm looking for test suites to determine if an agent is vulnerable to the
CERT advisories

VU#854306 (Multiple vulnerabilities in SNMPv1 request handling)
VU#107186 (Multiple vulnerabilities in SNMPv1 trap handling).

I'm aware of the test suite developed by the OUSPG used to deliver their
alert and SimpleSoft's SimpleSleuth.  Are there any other products

Mary Castro
Lucent Technologies        phone: 978-960-3996
1600 Osgood St.            fax:      978-960-6329

N. Andover, MA 01845

Remove <nospam> to e-mail me.

2. Monitoring OUTGOING calls

3. Solaris 8 & login vulnerability CERT 2001-34


5. CERT(sm) Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

6. good documentation

7. CERT Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

8. Covox Box (WTB: Covox?)

9. Adobe, CERT post responses to recent PDF vulnerability report

10. CERT Parody....AIBO vulnerability

11. Understanding SNMP MIB's

12. I don't understand the steps involved in implementing SNMP

13. I don't understand SNMP!