COMTEK Services Inc Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
In reference to your notification regarding [VU#617947] [OUSPG#0100],
vulnerabilities in COMTEK Services' SNMP products are as follows:
NMServer for AS/400 is not an SNMP master and is therefore not vulnerable.
However this product requires the use of the AS/400 SNMP master agent
supplied by IBM. Please refer to IBM for statements of vulnerabilities for
the AS/400 SNMP master agent.
NMServer for OpenVMS has been tested and has shown to be vulnerable. COMTEK
Services has released a new version (version 3.5) of this product that
includes a fix for this problem. Contact COMTEK Services
firstname.lastname@example.org to arrange to download the new version.
NMServer for VOS has not as yet been tested; vulnerability of this agent is
unknown. Contact email@example.com for further information on the
testing schedule of the VOS product.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.