RAD Data Communications Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

      The security of our customer's networks is of highest priority to RAD Data
      Communications Ltd. ("RAD"). RAD is aware of CERT's Advisories VU#854306 and
      VU#107186, and is working together with it's partners to assess if any of
      its products might be affected.

      VU#107186: RAD's Network Management System (RADview) is not vulnerable to
      the extent of working in conjunction with 3rd party products, such as Castle
      Rock's SNMPc 5, HP's NNM 6.2, Microsoft's Windows NT4 and Sun's Solaris 2.7.
      Customers are advised to consult the respective responses of these vendors,
      available at http://www.kb.cert.org/vuls/id/854306 and verify that they comply with each vendor's specific recommendations.

      VU#854306: As a first measure, we have requested from 3rd party software
      developers, the products of which are integrated within RAD's SNMP agents
      and Network Management station, to provide us with statements as to their
      products vulnerabilities and their potential impact. We are currently
      waiting for their conclusions. In parallel, RAD is in process of internally
      setting up the testing schedules and facilities to ascertain the
      vulnerability of our products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.