Security Advisory 0001
Date: 6/17/2008
Affected Software Version: EOS 2.0.2 or earlier
Bug 3184: SNMP v3 authentication may be bypassed
Impact: A carefully crafted SNMPv3 packet may succeed in bypassing the authentication check. The attacker would only be granted access to the portions of the SNMP MIB space that the account would have been normally granted access to. Net-SNMP has been upgraded to close this vulnerability. (This issue is covered in US CERT VU#878044)
Resolution: Please upgrade to EOS 2.0.3 or later. The bug referenced above has been resolved in EOS 2.0.3, which was released 6/17/2008.