Alvarion Ltd. Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
In response to CERTŪ Advisory CA-2002-03 regarding multiple vulnerabilities
in many implementations of the Simple Network Management Protocol (SNMP),
Alvarion performed a varied and thorough set of tests on its BreezeACCESS
and WALKair products. The tests performed are the ones recommended by the
PROTOS project paper.
Following these tests, Alvarion found no denial of service, memory
corruption, stack corruption or other fatal error conditions in its
BreezeACCESS and WALKair products.
In addition, Alvarion's BreezeACCESS and WALKair products implement the
following additional security measures which are recommended by the PROTOS
1. Perimeter filtering to SNMP traffic.
2. SNMP device based network access control to filter the traffic.
3. Isolation of SNMP traffic into a separate management VLAN (applicable for
BreezeACCESS II, XL and MMDS).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.