Security Advisories

Date: 6/17/2008

Affected Software Version: EOS 2.0.2 or earlier

Bug 3184: SNMP v3 authentication may be bypassed

Impact: A carefully crafted SNMPv3 packet may succeed in bypassing the authentication check. The attacker would only be granted access to the portions of the SNMP MIB space that the account would have been normally granted access to. Net-SNMP has been upgraded to close this vulnerability. (This issue is covered in US CERT VU#878044)

Resolution: Please upgrade to EOS 2.0.3 or later. The bug referenced above has been resolved in EOS 2.0.3, which was released 6/17/2008.