Page History
...
A more pernicious example of multiple implementation is a vulnerability whose root cause lies in the specification or reference implementation of a network protocol. Because most vendor's products will specifically test for compatibility with these reference artifacts, such cases usually imply that every product supporting that feature will need to be fixed. Multi-originator cases can be very complex to coordinate. The SNMP vulnerabilities found in 2002 via the OUSPG PROTOS Test Suite c06-snmpv1 [9] [,10] [,11] [,12] represented just such a case, and stand to this day as the most complex disclosure case the CERT/CC has ever coordinated.
...
Overview
Content Tools