BinTec Communications AG Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      BinTec Communications announces that SNMP vulnerabilty VU#854306 reported in
      March has been resolved with System Software Release 6.2.1.  If you do not
      wish to use the workarounds suggested in March in order to obviate possible
      exploits of VU#854306, you can update your system. The software is currently
      available as BETA software from www.bintec.net, and the final release is
      expected in June.

      Please, note that BETA software is susceptible to malfunctions, and that
      BinTec Communications does not assume responsibility for any problems
      arising from the use of BETA software. If you do not want to use System
      Software Release 6.2.1 BETA, you can still use the workarounds suggested in
      our initial statement.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.