Aprisma Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
As mentioned within Aprisma’s February 2002 CERT advisory statement, we have performed the necessary SPECTRUM (6.0 rev3 and 6.5) tests required to address CERT Advisory CA-2002-03, VU#107186 - PROTOS Test-Suite: c06-SNMPv1.
Aprisma’s comprehensive testing has revealed less than ten SNMP message tests - out of thousands of individual tests conducted - exhibited irregular system behavior. As a result of these findings, Aprisma is issuing the following patches to protect our customers against known SNMPv1 vulnerabilities:
CERT Advisory CA-2002-03
VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling:
· Patch 71 for SPECTRUM 6.0 rev3
· Patch 22 for SPECTRUM 6.5 (SPECTRUM infinitya, SPECTRUM integritya, and SPECTRUM xsighta)
For customer convenience, Aprisma has combined previously released patches (Patches 9 and 21 for SPECTRUM 6.5), that help prevent a SNMPv1 trap-related vulnerability, into the aforementioned Patch 22 for SPECTRUM 6.5.
It is recommended that all SPECTRUM customers, who have not taken alternative measures to secure their SPECTRUM servers from SNMPv1 vulnerabilities, install the appropriate patch immediately when available. Patches will be made available over the next several weeks.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.