COMTEK Services Inc Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      In reference to your notification regarding [VU#617947] [OUSPG#0100],
      vulnerabilities in COMTEK Services' SNMP products are as follows:

      NMServer for AS/400 is not an SNMP master and is therefore not vulnerable.
      However this product requires the use of the AS/400 SNMP master agent
      supplied by IBM.  Please refer to IBM for statements of vulnerabilities for
      the AS/400 SNMP master agent.

      NMServer for OpenVMS has been tested and has shown to be vulnerable.  COMTEK
      Services has released a new version (version 3.5) of this product that
      includes a fix for this problem.  Contact COMTEK Services to arrange to download the new version.

      NMServer for VOS has not as yet been tested; vulnerability of this agent is
      unknown.  Contact for further information on the
      testing schedule of the VOS product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.