Alvarion Ltd. Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Not Affected

Vendor Statement

      In response to CERTŪ Advisory CA-2002-03 regarding multiple vulnerabilities
      in many implementations of the Simple Network Management Protocol (SNMP),
      Alvarion performed a varied and thorough set of tests on its BreezeACCESS
      and WALKair products. The tests performed are the ones recommended by the
      PROTOS project paper.

      Following these tests, Alvarion found no denial of service, memory
      corruption, stack corruption or other fatal error conditions in its
      BreezeACCESS and WALKair products.

      In addition, Alvarion's BreezeACCESS and WALKair products implement the
      following additional security measures which are recommended by the PROTOS
      project report:

      1. Perimeter filtering to SNMP traffic.
      2. SNMP device based network access control to filter the traffic.
      3. Isolation of SNMP traffic into a separate management VLAN (applicable for
      BreezeACCESS II, XL and MMDS).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.