3Com Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      A vulnerability to an SNMP packet with an invalid length community string has been resolved in the following products. Customers concerned about this weakness should ensure that they upgrade to the following agent versions:

      PS Hub 40

      2.16 is due Feb 2002

      PS Hub 50

      2.16 is due Feb 2002

      Dual Speed Hub

      2.16 is due Jan 2002

      Switch 1100/3300

      2.68 is available now

      Switch 4400

      2.02 is available now

      Switch 4900

      2.04 is available now

      WebCache1000/3000

      2.00 is due Jan 2002

      For updated information on CommWorks Corporation, a 3Com company,
      visit http://www.commworks.com/Press/Archive/2002/February/CERT_Advisory.asp

      In addition, CommWorks' customers should monitor http://totalservice.commworks.com/cert_update.cfm
      for updated information addressing the CERT advisory, as well as information on available patches for
      CommWorks' products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.