Computer Associates Information for VU#952171

Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap arguments

Status

Not Affected

Vendor Statement

Computer Associates has completed a review of all Unicenter functions and processing related to SNMP traps as indicated by the advisory. Unicenter is not subject to the same vulnerabilities as demonstrated by the SNMP trap managers identified by CERT (i.e., OpenView and NetView). CA Unicenter does not formulate commands determined through trap data parsing. Unicenter implements this technology using different methods and thereby avoids this exposure. Computer Associates maintains strong relationships with these vendors and recommends that clients running any environments containing either of these products visit the website URLs specifically identified by the CERT Coordination Center.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.