TMP Consultoria S/C Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Not Affected

Vendor Statement

      The Computer Emergency Response Team (CERT) issued an advisory last
      week regarding numerous vulnerabilities affecting most vendors'
      SNMP implementations. This advisory, which can be accessed on
      http://www.cert.org/advisories/CA-2002-03.html, specifically addressed
      vulnerabilities in the implementations' handling of SNMPv1 trap and
      request PDUs (more specifically, the handling of the Trap, Get, Set,
      and GetNext PDUs).

      TMP would like to state that we have evaluated the impact of those
      vulnerabilities on our WANView line of network management solutions,
      and that we are in NO WAY vulnerable to any of the issues reported,
      as follows:

      VU#854306 - Multiple Vulnerabilities in SNMPv1 Request Handling: This
      advisory is not applicable to WANView, because WANView does not accept
      or process in any way SNMP Get/Set/GetNext PDUs; rather, WANView sends
      those requests to the monitored equipment, and processes subsequent
      responses.

      VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling: This
      advisory is not applicable to WANView either, because WANView currently
      does not accept SNMP traps (this has been a product design decision).
      WANView can be configured to send SNMP traps to other systems, and is
      not affected in this regard.

      In case you have any questions or need further assistance regarding
      these matters, please contact us at <wanview@tmp.com.br>.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.