Standard Networks Inc. Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
Standard Networks offers a "mainframe connectivity" family of products under the "UniGate" brand name.
These products contain SNMP agents. After reviewing the recent information regarding SNMP vulnerabilities,
performing a source code audit and running a variety of publicly available SNMP exploit suites (including the OUSPG test suite),
we believe the UniGate product is not vulnerable to the problems described in VU#854306.
SNMP agent services are enabled by default on UniGate after version 3.6.07. (This version was released in late 1995; anyone
with a "Year 2000 Compliant" version runs SNMP services.) It is not currently possible to turn on and shut off SNMP services
on a UniGate, but it is possible to change the "inquiry" and "update" strings to unusual values (i.e. "m2H9j3s4")
to prevent unauthorized access to the machine. Alternatively, a current version of the UniGate software with SNMP "hardcoded off "(3.99.31)
is available from Standard Networks directly for customers who feel they need to have this service disabled immediately.
(A future version will allow users to toggle SNMP services on and off.)
Attempts to find or exploit SNMP vulnerabilities on a UniGate platform will often cause the UniGate to log those attempts
as "Community Errors" or "Misc Errors" on the "SNMP Statistics" screen and/or as "IP: Fragment Msg too big" errors on the main status screen.
Standard Networks' "OpenIT mainframe connectivity" product will also act as an SNMP agent if SNMP is enabled under Windows NT (rare).
OpenIT customers are encouraged to follow "Microsoft Corporation's" latest recommendations regarding Windows
NT SNMP issues if they are using this service. It is however possible to immediately disable any active SNMP services on
any OpenIT platform by stopping the "SNMP" service from the "Services Control Panel."
No other Standard Networks products (i.e. "EMU Terminal Emulator", "ActiveHEAT Host Access", the "MOVEit" family of secure file transfer products) are affected by this issue.
Customers are encouraged to call Standard Networks immediately (+001 608.227.6100) with any questions or concerns about their specific configuration.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.