TMP Consultoria S/C Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
The Computer Emergency Response Team (CERT) has issued last week an
advisory regarding numerous vulnerabilities affecting most vendors'
SNMP implementations. This advisory, which can be accessed on
http://www.cert.org/advisories/CA-2002-03.html, specifically addressed
vulnerabilities on the implementations' handling of SNMPv1 trap and
request PDUs (more specifically, the handling of the Trap, Get, Set,
and GetNext PDUs).
TMP would like to state that we have evaluated the impact of those
vulnerabilities on our WANView line of network management solutions,
and that we are in NO WAY vulnerable to any of the issues reported,
VU#854306 - Multiple Vulnerabilities in SNMPv1 Request Handling: This
advisory is not applicable to WANView, because WANView does not accept
or process in any way SNMP Get/Set/GetNext PDUs; rather, WANView sends
those requests to the monitored equipment, and process subsequent
VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling: This
advisory is not applicable to WANView either, because WANView currently
does not accept SNMP traps (this has been a product design decision)
WANView can be configured to send SNMP traps to other systems, and is
not affected in this regard.
In case you have any questions or need further assistance regarding
these matters, please contact us at <email@example.com>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.