search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Multiple vulnerabilities in SNMPv1 trap handling

Vulnerability Note VU#107186

Original Release Date: 2002-01-16 | Last Revised: 2007-11-07

Overview

Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below.

Description

The Oulu University Secure Programming Group (OUSPG) has reported numerous vulnerabilities in multiple vendor SNMPv1 implementations. By applying the PROTOS c06-SNMPv1 test suite to a variety of popular SNMPv1-enabled products, the OUSPG revealed a number of vulnerabilities across a wide range of products. This vulnerability note focuses on vulnerabilities occurring in code responsible for SNMPv1 trap handling.

SNMPv1 supports five different types of messages: GetRequest, SetRequest, GetNextRequest, GetResponse, and Trap. A single SNMP message is referred to as a Protocol Data Unit (PDU). These messages are described using Abstract Syntax Notation One (ASN.1) and translated into binary format using Basic Encoding Rules (BER). SNMP trap messages are sent from agents to managers. Trap messages are unsolicited (the manager does not issue a request message) and may indicate a warning or error condition or otherwise notify the manager about the agent's state. SNMP managers should reliably decode trap messages and process the resulting application data. OUSPG performed two sets of tests of SNMP trap message handling: one test focused on ASN.1 decoding, the second looked for exceptions in the processing of the decoded data.

The results yielded multiple vulnerabilities in both the ASN.1 decoding and the subsequent processing of SNMP trap messages by many different SNMP managers. Vulnerabilities include denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the request message to use the correct SNMP community string.

Additional Background Information on the OUSPG

OUSPG is a academic research group located at Oulu University in Finland. The purpose of this research group is to test software for vulnerabilities.

History has shown that the techniques used by the OUSPG have discovered a large number of previously undetected problems in the products and protocols they have tested. In 2001, the OUSPG produced a comprehensive test suite for evaluating implementations of the Lightweight Directory Access Protocol (LDAP). This test suite was developed with the strategy of stressing protocol implementations in unsupported and unexpected ways, and it was very effective in uncovering a wide variety of vulnerabilities across several products. This approach can reveal vulnerabilities that would not manifest themselves under normal operating conditions.

After completing its work on LDAP, OUSPG moved its focus to SNMPv1. As with LDAP, they designed a custom test suite, began testing a selection of products, and found a number of vulnerabilities. Because OUSPG's work on LDAP was similar in procedure to its current work on SNMP, you may wish to review the LDAP Test Suite and CERT Advisory CA-2001-18, which outlined results of application of the test suite.

In order to test the security of protocols like SNMPv1, the PROTOS project presents a server with a wide variety of sample packets containing unexpected values or illegally formatted data. As a member of the PROTOS project consortium, the OUSPG used the PROTOS c06-snmpv1 test suite to study several implementations of the SNMPv1 protocol. Results of the test suites run against SNMP indicate that there are many different vulnerabilities on many different implementations of SNMP.

Background Information on the Simple Network Management Protocol

The Simple Network Management Protocol (SNMP) is the most popular protocol in use to manage networked devices. SNMP was designed in the late 80's to facilitate the exchange of management information between networked devices, operating at the application layer of the ISO/OSI model. The SNMP protocol enables network and system administrators to remotely monitor and configure devices on the network (devices such as switches and routers). Software and firmware products designed for networks often make use of the SNMP protocol. SNMP runs on a multitude of devices and operating systems, including, but not limited to,

Core Network Devices (Routers, Switches, Hubs, Bridges, and Wireless Network Access Points)
Consumer Broadband Network Devices (Cable Modems and DSL Modems)
Consumer Electronic Devices (Cameras and Image Scanners)
Networked Office Equipment (Printers, Copiers, and FAX Machines)
Network and Systems Management/Diagnostic Frameworks (Network Sniffers and Network Analyzers)
Networked Medical Equipment (Imaging Units and Oscilloscopes)
Manufacturing and Processing Equipment

The SNMPv1 protocol is formally defined in RFC1157. Quoting from that RFC:

Implicit in the SNMP architectural model is a collection of network management stations and network elements. Network management stations execute management applications which monitor and control network elements. Network elements are devices such as hosts, gateways, terminal servers, and the like, which have management agents responsible for performing the network management functions requested by the network management stations. The Simple Network Management Protocol (SNMP) is used to communicate management information between the network management stations and the agents in the network elements.

Additionally, SNMP is discussed in a number of other RFC documents:

RFC 3000 Internet Official Protocol Standards
RFC 1212 Concise MIB Definitions
RFC 1213 Management Information Base for Network Management of TCP/IP-based Internets: MIB-II
RFC 1215 A Convention for Defining Traps for use with the SNMP
RFC 1270 SNMP Communications Services
RFC 2570 Introduction to Version 3 of the Internet-standard Network Management Framework
RFC 2571 An Architecture for Describing SNMP Management Frameworks
RFC 2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC 2573 SNMP Applications
RFC 2574 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 2575 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC 2576 Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework

Impact

These vulnerabilities may cause denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain access to the affected device. Specific impacts will vary from product to product.

Solution

Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Care should therefore be taken to ensure that any changes made based on the following recommendations will not negatively impact your ongoing network operations capability.


Contact your vendor for patches.

Please see the Solution section of CA-2002-03 for additional countermeasures.

Vendor Information

107186
 

3Com Affected

Notified:  September 20, 2001 Updated: February 20, 2002

Status

Affected

Vendor Statement

      A vulnerability to an SNMP packet with an invalid length community string has been resolved in the following products. Customers concerned about this weakness should ensure that they upgrade to the following agent versions:

      PS Hub 40

      2.16 is due Feb 2002

      PS Hub 50

      2.16 is due Feb 2002

      Dual Speed Hub

      2.16 is due Jan 2002

      Switch 1100/3300

      2.68 is available now

      Switch 4400

      2.02 is available now

      Switch 4900

      2.04 is available now

      WebCache1000/3000

      2.00 is due Jan 2002

      For updated information on CommWorks Corporation, a 3Com company,
      visit http://www.commworks.com/Press/Archive/2002/February/CERT_Advisory.asp

      In addition, CommWorks' customers should monitor http://totalservice.commworks.com/cert_update.cfm
      for updated information addressing the CERT advisory, as well as information on available patches for
      CommWorks' products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ADTRAN Inc. Affected

Notified:  January 10, 2002 Updated: February 21, 2002

Status

Affected

Vendor Statement

      ADTRAN Advisory:
      SNMPv1 Request and Trap Handling Vulnerabilities
      Revision 1.0
      Release Date: 19 February 2002

      I. Summary
      On February 12, 2002 the CERT®/CC released an advisory related to security vulnerabilities that may exist in network devices using SNMPv1 as the management protocol. In response to this advisory, CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)", ADTRAN began executing the tests that elicit these vulnerabilities for all ADTRAN products that feature SNMPv1 capability.

      II. Impact
      Preliminary test results have indicated multiple ADTRAN products exhibit certain vulnerabilities to SNMP messages. Some of these vulnerabilities can be exploited, resulting in a denial of service or service interruption. These results have not indicated any vulnerability that will allow an attacker to gain access to the affected device.

      III. Solution
      ADTRAN is currently applying the PROTOS c06-SNMPv1 test suite to all products that feature SNMPv1 capability. Until ADTRAN has completed testing on all of its products and provided patches or fixes to eliminate these vulnerabilities, ADTRAN recommends considering one or more of the following solutions, as identified in CERT® Advisory CA-2002-03, to minimize your network’s potential exposure to these vulnerabilities:
      · Disable the SNMP Service
      · Ingress filtering
      · Egress filtering
      · Filter SNMP traffic from non-authorized internal hosts
      · Segregate SNMP traffic onto a separate management network
      · Restrict SNMP traffic to Virtual Private Networks (VPNs)
      · Change default community strings
      ADTRAN’s NetVanta Solutions
      ADTRAN’s NetVanta 2000 Series of products can be used to provide most of the solutions identified above, including ingress and egress filtering, filtering SNMP traffic from non-authorized internal hosts, and restricting SNMP traffic to Virtual Private Networks (VPNs). For further information on how NetVanta’s VPN and Firewall solutions can secure your network, please see http://www.adtran.com/netvanta2000.

      IV. For Further Information
      For more information please see http://www.adtran.com/support/snmp.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AdventNet Affected

Notified:  January 09, 2002 Updated: November 07, 2007

Status

Affected

Vendor Statement

AdventNet Inc. has reproduced this behavior in their products and coded a Service Pack fix which is currently in regression testing in AdventNet Inc.'s Q.A. organization.  The release of AdventNet Inc's. Service Pack correcting the behavior outlined in [VU#107186], and OUSPG#0100 is scheduled to be generally available to all of AdventNet Inc.'s customers by February 20, 2002."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the AdventNet press release for details about fixed version availability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

American Power Conversion Corporation Affected

Notified:  January 10, 2002 Updated: April 09, 2002

Status

Affected

Vendor Statement

      American Power Conversion has conducted extensive testing in order to
      determine the impact any vulnerabilities within SNMP pose to our customers.
      We have determined that exploiting these vulnerabilities in some versions
      of our firmware can interfere with the normal operation of APC's
      SNMP-enabled products.

      Upgrades are available that repair these vulnerabilities.

      For details, refer to the APC Knowlege Base document titled " American Power
      Conversion Security Bulletin
      " available at www.apc.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Aprisma Affected

Notified:  January 09, 2002 Updated: March 06, 2002

Status

Affected

Vendor Statement

      As mentioned within Aprisma’s February 2002 CERT advisory statement, we have performed the necessary SPECTRUM (6.0 rev3 and 6.5) tests required to address CERT Advisory CA-2002-03, VU#107186 - PROTOS Test-Suite: c06-SNMPv1.

      Aprisma’s comprehensive testing has revealed less than ten SNMP message tests - out of thousands of individual tests conducted - exhibited irregular system behavior. As a result of these findings, Aprisma is issuing the following patches to protect our customers against known SNMPv1 vulnerabilities:

      CERT Advisory CA-2002-03
      VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling:
      ·    Patch 71 for SPECTRUM 6.0 rev3
      ·    Patch 22 for SPECTRUM 6.5 (SPECTRUM infinitya, SPECTRUM integritya, and SPECTRUM xsighta)

      For customer convenience, Aprisma has combined previously released patches (Patches 9 and 21 for SPECTRUM 6.5), that help prevent a SNMPv1 trap-related vulnerability, into the aforementioned Patch 22 for SPECTRUM 6.5. 

      It is recommended that all SPECTRUM customers, who have not taken alternative measures to secure their SPECTRUM servers from SNMPv1 vulnerabilities, install the appropriate patch immediately when available.  Patches will be made available over the next several weeks.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avaya Affected

Notified:  January 24, 2002 Updated: March 07, 2002

Status

Affected

Vendor Statement

      Avaya is addressing the vulnerabilities identified in this advisory. The latest information on the affect of this vulnerability on Avaya products can be found at: http://support.avaya.com/security

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BEA Systems Inc. Affected

Notified:  January 09, 2002 Updated: June 19, 2002

Status

Affected

Vendor Statement

Please see BEA02-16.01.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BMC Software Affected

Updated:  June 11, 2002

Status

Affected

Vendor Statement

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CNT Affected

Notified:  January 10, 2002 Updated: April 08, 2002

Status

Affected

Vendor Statement

      Overview
      On February 12, 2002, the CERT® Coordination Center of Carnegie-Mellon University issued an advisory identifying possible security vulnerabilities of multiple vendor products that utilize the Simple Network Management Protocol (SNMP) for management of those products. This advisory was based on research done by the University of Oulu in Finland. The complete advisory may be found on the CERT web site at: http://www.cert.org/advisories/CA-2002-03.html. If your site uses SNMP-based CNT products in any capacity, we encourage you to read this advisory.

      I. Description
      The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported vulnerabilities in SNMPv1 implementations from many different vendors. OUSPG's research focused on the manner in which SNMPv1 agents and managers handle request and trap messages. By applying the PROTOS c06-snmpv1 test suite (http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/0100.html) to a variety of popular SNMPv1-enabled products, the OUSPG revealed the following vulnerabilities:

      VU#107186 - Multiple vulnerabilities in SNMPv1 trap handling
      SNMP trap messages are sent from agents to managers. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. SNMP managers must properly decode trap messages and process the resulting data. In testing, OUSPG found multiple vulnerabilities in the way many SNMP managers decode and process SNMP trap messages.

      VU#854306 - Multiple vulnerabilities in SNMPv1 request handling
      SNMP request messages are sent from managers to agents. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device. SNMP agents must properly decode request messages and process the resulting data. In testing, OUSPG found multiple vulnerabilities in the way many SNMP agents decode and process SNMP request messages.

      Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.

      II. CNT® Products
      CNT has a number of products affected by the SNMP vulnerabilities described above. Each CNT product with SNMP functionality is described below along with the specific vulnerability, or lack thereof, of that product and the recommended procedures to follow with that product.

        • UltraNet® Storage Director
          The UltraNet Storage Director (USD) was tested with the PROTOS test suite. Two tests caused snmpd on the USD to abort and restart; the snmpd responded to requests specifying a community string beginning with a null; several minor ASN.1 / BER handling discrepancies related to invalid encodings were noted. Corrective code for the snmpd aborts and the community string handling issue has been developed and successfully tested. This code will be made available in the USD 2.7 software release, currently scheduled for availability in April 2002. The ASN.1 / BER invalid encoding handling issues will be addressed in a future release. CNT recommends upgrading to the USD 2.7 software release as soon as it is available.
        • UltraNet Edge Storage Router
          The UltraNet Edge Storage Router (Edge) was tested with the PROTOS test suite. Three tests caused the Edge to hang or abort, requiring a reboot. Corrective code for these errors has been developed and successfully tested. The Edge responded to requests specifying a bad SNMP version number; several minor ASN.1 / BER handling discrepancies related to invalid encodings were noted. The responded to bad SNMP version number and the ASN.1 / BER invalid encoding handling issues will be addressed in a future release. This code will be made available in the Edge software release 1.4.1, currently scheduled for release in April 2002. CNT recommends upgrading the Edge to release 1.4.1 as soon as it is available.
        • Channelink®
          The Channelink product was tested with the PROTOS test suite. All tests ran successfully. No failures occurred. No corrective action is required with the Channelink product.
        • WebView
          The WebView SNMP-based element manager was tested with the PROTOS test suite. WebView is not affected by the recent SNMP vulnerabilities found by CERT. No corrective action is required with the WebView product.
        • UltraNet CMF
          The CastleRock software upon which CNT's UltraNet CMF SNMP-based management software is based was tested with the PROTOS test suite. CastleRock has reported two test failures. Corrective code for these errors has been developed and is now being tested within UltraNet CMF. This code will be made available in the CMF release 6.4, currently scheduled for release in early May 2002. CNT recommends upgrading CMF to release 6.4 as soon as it is available.
      III. CNT Product Upgrades
      CNT will continue to test new releases of its products against the PROTOS test suite to ensure that additional vulnerabilities are not introduced as a result of any new releases.

      To determine whether a new CNT product release is available and how to upgrade to that release when available, contact CNT Technical Support (800-752-8061 or 763-268-6600) or contact your company's CNT Technical Account Engineer (TAE).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

COMTEK Services Inc Affected

Notified:  January 09, 2002 Updated: March 22, 2002

Status

Affected

Vendor Statement

      In reference to your notification regarding [VU#617947] [OUSPG#0100],
      vulnerabilities in COMTEK Services' SNMP products are as follows:

      NMServer for AS/400 is not an SNMP master and is therefore not vulnerable.
      However this product requires the use of the AS/400 SNMP master agent
      supplied by IBM.  Please refer to IBM for statements of vulnerabilities for
      the AS/400 SNMP master agent.

      NMServer for OpenVMS has been tested and has shown to be vulnerable.  COMTEK
      Services has released a new version (version 3.5) of this product that
      includes a fix for this problem.  Contact COMTEK Services
      support@comtekservices.com to arrange to download the new version.

      NMServer for VOS has not as yet been tested; vulnerability of this agent is
      unknown.  Contact support@comtekservices.com for further information on the
      testing schedule of the VOS product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CSCare Inc. Affected

Updated:  March 06, 2002

Status

Affected

Vendor Statement

      As a result of this advisory, CSCare has conducted extensive testing of its products. We have determined that exploiting these
      vulnerabilities can interfere with the normal operation of Trap Console 1.4b. Results have not indicated any vulnerability that will
      allow an attacker to gain access to the host computer. It has been determined that Active SNMP 2.0b is not vulnerable.

      CSCare has released Trap Console 1.4c update on March 5, 2002. This release containing fixes for all known vulnerabilities is
      now available for download at http://www.cscare.com/TrapConsole.

      For more information, please feel free to contact CSCare by email at info@cscare.com or by phone at 408-490-2736.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CacheFlow Inc. Affected

Notified:  January 10, 2002 Updated: February 05, 2002

Status

Affected

Vendor Statement

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Carrier Access Affected

Updated:  March 07, 2002

Status

Affected

Vendor Statement

      Carrier Access has reviewed the  released CERT® Advisory CA-2002-03 related
      to security vulnerabilities that exist in network devices using SNMPv1 as the management
      protocol.

      There are no known format string or buffer overflow vulnerabilities. Denial
      of service (management) is a known vulnerability of Carrier Access products
      residing on non-secure networks. Specific testing and a review of test
      reports have revealed no SNMP V1 security issues.   Carrier Access has
      documented this finding in a Product Technical Note (PTN-02-003).  To
      receive a copy of this documentation, please contact Carrier Access customer
      support center at 1-800-786-9929 or email to "tech-support@carrieraccess.com"

      Recommended Actions for Network Security:
      . Review and implementation of accepted solutions outlined in section III
      (Solution) of CERT ® Advisory CA-2002-03
      . Filter of SNMP traffic at network access points
      . Use of proprietary SNMP Community Strings
      . Segregate/Filter Network Management traffic from public domains

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc. Affected

Notified:  September 20, 2001 Updated: February 13, 2002

Status

Affected

Vendor Statement

Cisco Systems is addressing the vulnerabilities identified by VU#854306 and VU#107186 across its entire product line. Cisco has released an advisory:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Compaq Computer Corporation Affected

Notified:  October 17, 2001 Updated: April 10, 2002

Status

Affected

Vendor Statement

      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1

      TITLE: (SSRT0779) Potential Security Vulnerabilities in SNMP
      Posted at http://ftp.support.compaq.com/patches/.new/security.shtml

      NOTICE: There are no restrictions for distribution of this
      Bulletin provided that it remains complete and intact.

      RELEASE DATE:   18 FEBRUARY, 2002

          UPDATED:   03 APRIL,    2002 - update Tru64, patch availability
                     08 MARCH,    2002 - add StorageWorks products, and
                                         Compaq/Microcom based products.
                     05 MARCH,    2002 - update TRU64 Information

      SEVERITY: MEDIUM

      SOURCE:  Compaq Computer Corporation
              Compaq Global Services
              Software Security Response Team

      CROSS REFERENCE:   (SSRT0799, CAN-2002-0012,
                         CAN-2002-0013, CERT CA-2002-03)

      PROBLEM SUMMARY:

      The Computer Emergency Response Team (CERT/cc) has recently issued an
      advisory regarding numerous potential vulnerabilities in SNMPv1
      implementations. These potential vulnerabilities are applicable to
      SNMPv1 trap handling and SNMPv1 Request handling. The CERT article
      outlines vulnerabilities that can cause SNMP services to stop
      functioning and in some cases may enable "unauthorized access,"
      "denial of service attacks" or may cause system instability.

      IMPACT:
      Compaq NonStop Himalaya Servers:
      Compaq TCP/IP Services for OpenVMS:
      Compaq Tru64 UNIX:
      Compaq Insight Management Suite:
      Compaq Deskpro, Professional Workstation, Armada, Evo:
      Compaq SANworks Hardware:
      Compaq StorageWorks Products
      Compaq/Microcom Products:

      Compaq's findings to date regarding the SNMPv1 issues are as
      follows:

      ________________________________
      Compaq NonStop Himalaya Servers:

      The Compaq Himalaya NonStop Kernel prohibits execution of code on the
      stack or heap by hardware TLB permissions (read/write only),
      preventing Trojan horse attacks by embedding code within the buffer
      overflow area. However, process ABENDs can occur.

      The SNMP agent ABENDs in the c06-snmpv1 buffer-overflow tests.
      This affects forwarding trap messages and/or sending info responses
      to SNMP managers.

      Sub-agents use IPCs to communicate with the SNMP agent, so they
      cannot be directly attacked.  More importantly, sub-agents are
      confined to information only requests, so they cannot be used to
      configure/manage their sub-systems. Our investigation an analysis is
      continuing and further updates will be provided.

      IPMs to address the ABEND problem of the SNMP are in development and
      will be released as soon as verification is complete. Availability of
      these IPMs will be announced in future updates. The exposure to
      SNMP agent ABENDs can be reduced by running the SNMP agent as a
      process-pair or by configuring auto-restart in the Persistence
      Manager.

      __________________________________
      Compaq TCP/IP Services for OpenVMS:

      There is some impact to the SNMP agent provided with Compaq TCP/IP
      Services for OpenVMS. This problem can cause the SNMP agent to ACCVIO
      and terminate temporarily denying service to SNMP, but in most cases
      after this occurs Compaq TCP/IP Services for OpenVMS will restart
      the SNMP agent in response to the next SNMP request. There are no
      known risks of compromising system security due to this problem.
      The SNMP agent executes from a non-privileged process, which
      prevents any compromise to system security.

      Our investigation and analysis has determined the cause of the
      problem. The updated images for Compaq TCP/IP Services for OpenVMS
      are now in final test. Compaq will provide updates to Compaq TCP/IP
      Services for OpenVMS in the next ECO and also in the next release,
      Compaq TCP/IP Services for OpenVMS V5.3. Contact Compaq's Customer
      Support Center if an earlier updated is required.

      __________________
      Compaq Tru64 UNIX:

      UPDATE: 02 April, 2002

      There is no known risk of compromising Tru64 UNIX system security
      due to the recent SNMP attack.  The SNMP agent provided with
      Tru64 UNIX is susceptible to a limited problem - the SNMP
      agent may stop responding to SNMP requests, or it may incur a
      segmentation fault, generate a core file, and exit. Either scenario
      denies SNMP service to SNMP-based network management applications.
      However,  we have not found the attack to cause the system to be
      unstable, vulnerable to "unauthorized access",  or subject to any
      denial of service other than to the SNMP service.

      Impacted Tru64 UNIX operating system versions include:
      Tru64 UNIX 4.0f, 4.0g, 5.0a, 5.1, 5.1a.

      SOLUTION:

        Until the Tru64 UNIX fixes are available in the mainstream release
        patch kits, Compaq is releasing the following Early Release Patch
        Kit(s) (ERPs) publicly for use by any customer.

        The Early Release Patch kits use dupatch to install and will not
        install over any Customer-Specific-Patches (CSPs) which have file
        intersections with the ERPs. Raise an IPMT case to UNIX Support
        Engineering if you need a CSP merged with one of the following
      ERPs.

        The fixes contained in the Early Release Patch (ERP) kits will be
        available in the next mainstream patch kit(s) for:
             - Tru64 UNIX 4.0F PK8
             - Tru64 UNIX 4.0G PK4
             - Tru64 UNIX 5.0A PK4
             - Tru64 UNIX 5.1  PK5
             - Tru64 UNIX 5.1A PK2

        ---------------------
        Early Release Patches
        ---------------------

        Tru64 UNIX 4.0F
        PREREQUISITE:    Tru64 UNIX 4.0F with PK7 (BL18) installed
        ERP Kit Name:    DUV40FB18-C0071301-13866-ES-20020401
        Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0f/


        Tru64 UNIX 4.0G
        PREREQUISITE:    Tru64 UNIX 4.0G with PK3 (BL17) installed
        ERP Kit Name:    T64V40GB17-C0012100-13640-ES-20020313
        Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0g/


        Tru64 UNIX 5.0A
        PREREQUISITE:    Tru64 UNIX 5.0A with PK3 (BL17) installed
        ERP Kit Name:    T64V50AB17-C0019600-13593-ES-20020308
        Kit Location: http://ftp1.support.compaq.com/public/unix/v5.0a/


        Tru64 UNIX 5.1
        PREREQUISITE:    Tru64 UNIX 5.1 with PK4 (BL18) installed
        ERP Kit Name:    T64V51B18-C0109002-13712-ES-20020318
        Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1/


        Tru64 UNIX 5.1A
        PREREQUISITE:    Tru64 UNIX 5.1A with PK1 (BL1) installed
        ERP Kit Name:    T64V51AB1-C0014802-13710-ES-20020318
        Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1a/

        MD5 and SHA1 checksums are available in the public patch notice for
        the ERP kits. You can find information on how to verify MD5 and
        SHA1 checksums at:
             http://www.support.compaq.com/patches/whats-new.shtml

      ________________________________
      Compaq Insight Management Suite:

      (ProLiants running industry standard operating systems including
      Windows 2000, NetWare, Linux, etc)

      The Compaq Insight Management Suite utilizes SNMP as a primary
      communications method.  Fixes to the operating systems affected will
      be provided by the vendors involved.  Check
      http://www.compaq.com/manage/security the most up-to-date
      information.

      _______________________________________________
      Deskpro, Professional Workstation, Armada, Evo:

      The Deskpro, Professional Workstation, Armada, Evo(Microsoft
      operating systems including Windows XP, Windows 2000, Windows 98, and
      Windows 95) Compaq Management Agents for Clients utilizes SNMP as an
      optional communications method.

      Fixes to the operating systems affected
      will be provided by Microsoft.  Check
      www.microsoft.com/technet/security/bulletin/MS02-006.asp for the most
      up-to-date information.


      _____________________________________
      Compaq SANworks Management Appliance:

      The SANworks management appliance is essentially a Compaq server and
      our recommended configuration does not have it connected directly to
      the internet.  Therefore, it is less exposed than other servers to
      external SNMP security attacks.  However, the appliance is
      susceptible to SNMP security attacks from inside the firewall that
      could result in the graceful termination of some storage management
      applications on the appliance.

      Compaq will provide a patch to the appliance as soon as possible.

      _____________________________
      COMPAQ STORAGEWORKS PRODUCTS:

      UPDATE: 08 MARCH, 2002

      The following Compaq StorageWorks products have Ethernet
      connections that may potentially be exposed to the SNMPv1
      vulnerability:

      Compaq StorageWorks SAN Switch 8, 8-EL, 16, 16-EL, 2/16, Integrated
      32 or 64 Port
      Compaq StorageWorks SAN Director 64
      Compaq StorageWorks Modular Data Router
      Compaq StorageWorks 12 Port Fibre Channel Managed Hub
      Compaq StorageWorks 20/40 GB 8 Cassette AutoLoader


      RESOLUTION:
      Compaq StorageWorks SAN Switch 8, 8-EL,
      16, 16-EL, 2/16, Integrated 32 or 64 Port:
      There are currently no known issues related to vulnerability
      notes VU#854306 or VU#107186 with these products.
      They have passed all validation tests conducted to date.

      Compaq StorageWorks SAN Director 64:
      This product has been evaluated with a SNMP based test program that
      attempts to overload the director with SNMP traffic such as GET, Set
      and Get Next commands. No problems were found in this testing.
      Additionally, Compaq is in the process of evaluating the details of
      the SNMP implementation in this product. Any problems identified that
      are determined to pose a risk to customer operations will be
      documented and addressed in future maintenance releases. Note that
      the advisory documented two areas of vulnerability. One area involves
      Trap handling on the part of SNMP Management components, and the
      other area involves the processing of GET, Set and Get Next commands
      on the part of SNMP Agent components. The director implements only
      the SNMP Agent components, so none of the problems related to Trap
      handling apply. Also, the SNMP Agent on the director management
      server is disabled by default.  No SNMP messages are processed by
      the management server unless the systems administrator has explicitly
      enabled the SNMP Agent.  On the director itself, the SNMP Agent is
      enabled by default, but for read access only.

      Compaq StorageWorks Modular Data Router:
      The potential vulnerability has to do with SNMP Set commands.
      The only Set command the MDR allows is to set the trap address.

      Compaq StorageWorks 12 Port Fibre Channel Managed Hub:
      Compaq is in the process of evaluating the SNMP implementation
      in this product.

      Compaq StorageWorks 20/40 GB 8 Cassette AutoLoader:
      Compaq is in the process of evaluating the SNMP implementation
      in this product.

      ________________________
      COMPAQ/MICROCOM PRODUCTS:

      UPDATE: MARCH 08, 2002
      _________________________________________
      Microcom Access Integrator (All Versions)
      Compaq-Microcom 6000 Series Remote Access Concentrators(All Versions)

      Both products use SNMPv1 protocol as the transport for system
      management, either through expressWATCH, or third party SNMP clients.
      These products are normally managed over the LAN by clients using IP
      ports UDP 161 for SNMP and UDP 162 for SNMP Traps.  The SNMP agents
      integrated in these products cannot be disabled. Access to the system
      via the PRI, T1 or analog modules do not present a security risk
      related to SNMPv1.

      Incursions may result in instability of the system requiring a hard
      reset of one or more of the systems modules, which will result in
      temporary loss of connectivity to dial in clients. Users will be
      able to reconnect after the systems has reset.

      RECOMMENDATIONS:
      Compaq recommends the following precautions in accordance with good
      general networking administration practices.

      1. Apply perimeter filtering to SNMP traffic. Upstream
      internet routers, or Firewall should be configured to filter
      UDP ports 161 and 162.

      2. Compaq has always recommended that the associated
      engines contained in the CM6000 Series reside on an internal
      network using a non-routable private addressing scheme.

      3. The system should not be managed over the internet or
      an non secure LAN.

      ______________________________
      Microcom ISPorte (All Versions)
      Compaq Microcom 4000 concentrator

      These products make very limited use of the SNMPv1 protocol on
      the Ethernet portion of their PRI/T1 modules. In the limited
      number of installations where digital calls are being tunneled
      to NT servers on the connected LAN, there is a potential for
      SNMP packets to reach the PRI/T1 card through it's Ethernet
      port. Access to the system via the analog modem modules do
      not present security risk related to SNMPv1.

      Incursions may result in instability of the PRI/T1 card, resulting
      in a loss of connectivity for dial in users. A hard reset is the
      only way to correct these failure, but a hard reset will also
      disconnect all remaining users. Users will be able to reconnect
      after the system resets.

      RECOMMENDATIONS:
      Compaq recommends the following precautions in accordance with good
      general networking administration practices.

      1. Apply perimeter filtering to SNMP traffic. Upstream internet
      routers should be configured to filter UDP ports 161 and 162.

      2. If the system is being used for analog dial in access only,
      it should not be connected to the LAN via the Ethernet port on
      the PRI/T1 card.

      ___________________________
      Microcom SNMP HDMS+ System (Version 1.3.1)

      The great majority of HDMS+ systems installed do not have SNMP
      capabilities and are therefore not at risk. These systems can be
      identified by the absence of a 10baseT connector on the rear of the
      controller card.

      A limited number of SNMP HDMS+ systems were produced, this product
      uses SNMPv1 protocol as the transport for system management.
      Management clients can include either expressWATCH, or third party
      SNMP clients.

      The product can be managed over the LAN by clients using IP ports
      UDP 161 for SNMP and UDP 162 for SNMP Traps, or through a serial
      RS232 port using SLIP.  The SNMP agents integrated in these products
      cannot be disabled. Access to the system via the analog modem modules
      do not present security risk related to SNMPv1.

      Incursions may result in instability of the systems management
      controller, which may require a hard reset. The reset of this
      controller may result in a temporary loss of connectivity for
      dial in users. Dial in users will be able to reconnect after
      the system has reset.

      RECOMMENDATIONS:
      Compaq recommends the following precautions in accordance with good
      general networking administration practices.

      1. Apply perimeter filtering to SNMP traffic. Upstream
      internet routers or firewalls should be configured to filter
      UDP ports 161 and 162.

      2. The system should not be managed over the internet.

      3. The system should not be managed over a non secure LAN.
      Direct management via a serial RS232 SLIP connection would be
      recommended.

      For assistance or clarification on any of the recommendation for
      Compaq/Microcom products, please call 01-800-652-6672 and from
      the menu select 2,3,1 then enter routing code 1851

      ____________________________________________________________________




      NOTE:

      Many systems operate behind firewalls and would normally
      implement SNMP blocking for SNMP as standard procedure. Based on SNMP
      blocking and ingress/egress filtering, the potential Security
      vulnerability may only be exploited by users who have access to your
      local security domain, therefore the risk is diminished.


      SUPPORT:

      This advisory bulletin will be updated for the various
      products requiring patches and individual patch notifications
      will be done through standard "patch notification" procedures
      for those products. For further information, contact your normal
      Compaq Support channel.


      SUBSCRIBE:

      To subscribe to automatically receive future Security
      Advisories from the Compaq's Software Security Response Team via
      electronic mail:

      http://www.support.compaq.com/patches/mailing-list.shtml

      REPORT:

      To report a potential security vulnerability with any Compaq
      supported product, send email mailto:security-ssrt@compaq.com
      or mailto:sec-alert@compaq.com

      Compaq appreciates your cooperation and patience. As always,
      Compaq urges you to periodically review your system management
      and security procedures. Compaq will continue to review and
      enhance the security features of its products and work with
      our customers to maintain and improve the security and integrity
      of their systems.

      "Compaq is broadly distributing this Security Bulletin in order to
      bring to the attention of users of the affected Compaq products the
      important security information contained in this Bulletin.
      Compaq recommends that all users determine the applicability of
      this information to their individual situations and take appropriate
      action.  Compaq does not warrant that this information is necessarily
      accurate or complete for all user situations and, consequently,
      Compaq will not be responsible for any damages resulting from
      user's use or disregard of the information provided in this
      Bulletin."

      Copyright 2002 Compaq Information Technologies Group, L.P.
      Compaq shall not be liable for technical or editorial errors
      or omissions contained herein. The information in this document
      is subject to change without notice. Compaq and the names of
      Compaq products referenced herein are, either, trademarks
      and/or service marks or registered trademarks and/or service
      marks of Compaq Information Technologies Group, L.P. Other product
      and company names mentioned herein may be trademarks and/or service
      marks of their respective owners.

      -----BEGIN PGP SIGNATURE-----
      Version: PGP 7.0.1

      iQA/AwUBPLQ7jznTu2ckvbFuEQLuTwCgrJV3CBEwYiFEbWsCF0mbHBRVc/oAoNcI
      1KxCsylGTohymyn9t4kbuR/C
      =F6B1
      -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates Affected

Notified:  January 11, 2002 Updated: February 12, 2002

Status

Affected

Vendor Statement

Computer Associates has confirmed Unicenter vulnerability to the SNMP advisory identified by CERT notification reference [VU#107186] and OUSPG#0100. We have produced corrective maintenance to address these vulnerabilities, which is in the process of publication for all applicable releases / platforms and will be offered through the CA Support site. Please contact our Technical Support organization for information regarding availability / applicability for your specific configuration(s).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Concord Communications Affected

Notified:  January 18, 2002 Updated: March 19, 2002

Status

Affected

Vendor Statement

      Concord's eHealth Console product has some vulnerabilities to the OUSPG test
      suite. Patches are available.

      Concord's SystemEDGE agent has been tested and is not vulnerable on Unix
      platforms. Under Windows, it is a sub-agent of the Windows SNNMP agent, and
      therefore the Windows hot fixes should be applied. SystemEDGE is not
      vulnerable on Win2K and XP with Microsoft's hot fixes.

      Please see this page on Concord's web site for more detail and for patch
      availability: http://www.concord.com/certadvisory.shtml

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Dart Communications Affected

Notified:  January 30, 2002 Updated: February 27, 2002

Status

Affected

Vendor Statement

      In response to CERT® Advisory CA-2002-03, the PowerTCP SNMP Tool has been
      reviewed and found vulnerable for issue VU#854306 and VU#107186.  To address
      these issues, an update of the PowerTCP SNMP Tool will be released on
      February 28th, 2002.  Details of the specific problems found and the methods
      used to address these vulnerabilities will be included in the PowerTCP
      Release History at http://www.dart.com/downloads/update.txt .  If you have
      any questions concerning PowerTCP SNMP security vulnerabilities, please
      contact Dart Communications at support@dart.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Dell Affected

Notified:  January 19, 2002 Updated: April 19, 2002

Status

Affected

Vendor Statement

      Title
      Dell Response to CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)

      Audience

      For worldwide distribution provided that the contents are not altered in any way.

      Released

      April 8, 2002

      Updated

      April 19, 2002 (Updated the Dell PowerVault section regarding PowerVault 701N and PowerVault 705N)

      Reference

      CERT Advisory CA-2002-03 - http://www.cert. org/advisories/CA-2002-03.html

      Overview

      The CERT/CC released an industry-wide SNMP advisory on February 12, 2002. An SNMPv1 test suite provided by the Oulu University Secure Programming Group (OUSPG) has been found to adversely affect many SNMPv1 implementations, causing the potential for “unauthorized privileged access”, �nial-of-service attacks” and general unstable behavior.

      Potential Impact

      Dell PowerEdge
      Dell OpenManage
      Dell PowerVault
      Dell PowerApp
      Dell PowerConnect


      Dell PowerEdge, Dell OpenManage
      Dell PowerEdge servers running Dell OpenManage software utilize SNMPv1, however this software makes use of the operating system’s master SNMP agent. After applying the appropriate update(s) from the operating system manufacturer, Dell SNMP agents are not affected.

      Solution
      : Apply the appropriate update(s) provided by the operating system vendor. For more information, click here.


      Dell PowerVault
      The following Dell PowerVault storage systems have been found vulnerable to the OUSPG SNMPv1 test suite:

      Dell PowerVault 701N
      Dell PowerVault 705N

      Solution
      : These devices require an update from Dell.

      The Dell PowerVault Assist utility that is required to update both PowerVault 701N and PowerVault 705N devices can be found here.
      The updated image for both the PowerVault 701N and PowerVault 705N devices can be found here.


      Dell PowerApp
      The following Dell PowerApp appliance has been found vulnerable to the OUSPG SNMPv1 test suite:

      Dell PowerApp 220 (Dell PowerApp.BIG-IP)

      Solution
      : This device requires an update from Dell.

      Information regarding the update for non-encrypted devices can be found here.
      Information regarding the update for encrypted devices can be found here.


      Dell PowerConnect
      All Dell PowerConnect devices successfully passed the test cases provided by the OUSPG SNMPv1 test suite.


      Operating System Vendor Information
      The following Dell supported operating system vendors have released information regarding their SNMPv1 vulnerabilities:

      Microsoft®

      http://www.microsoft.com/technet/security/bulletin/MS02-006.asp

      Novell®

      http://supp ort.novell.com/servlet/tidfinder/2961546

      Red Hat®

      http:// www.redhat.com/support/errata/RHSA-2001-163.html


      Dell Computer Corporation has provided this advisory bulletin in response to the concerns raised by OUSPG and to provide information to users of Dell systems regarding its SNMP implementation. Dell recommends that user's review this information and determine its applicability to their individual situations. In addition, Dell does not provide any warranty as to the accuracy or completeness of this information and will not be liable for damages that may result from usage or disregard of the information provided. The information provided is subject to change. For further information and related updates, please contact your standard Dell support channel. Dell retains ownership of its trademarks and service marks as well as the information contained in this advisory bulletin.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Digital Networks Affected

Updated:  July 25, 2002

Status

Affected

Vendor Statement

      Digital Networks is addressing the vulnerabilities identified in this
      advisory.  The latest information on the affect of this vulnerability on
      Digital Networks products as well as any remedial software patches can be
      found at
      http://www.digitalnetworks.net/support.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Entrada Networks Affected

Updated:  April 22, 2002

Status

Affected

Vendor Statement

      This is in reference to you notification regarding VU#854306, VU#107186, and OUSPG#0100. Entrada Networks has reproduced this behavior and coded a software release enhancement for the affected products which is currently in regression testing within Entrada Networks' Quality Assurance organization. The release of Entrada Networks software enhancement addressing the behavior outlined in VU#854306, VU#107186, and OUSPG#0100 will be available to Entrada Networks, Sync Research, and Rixon Networks customers with Software Subscription Service on a request basis, no later than April 15, 2002.

      Entrada Networks has also produced a document discussing the alternative workarounds or configuration options to address the behavior outlined in VU#854306, VU#107186, and OUSPG#0100.This document is also available on request from customers. Please contact the Technical Support organization at 800-331-8669 for more information.

      Entrada Networks is providing the statement below as a response to
      be included in your vendor's statement section on SNMP CERT Alert 2002-03.

      Entrada Networks Sync Research, Inc. and Rixon Networks, Inc., (both are companies of Entrada Networks)

      Entrada Networks, through the companies of Sync Research, Inc. and
      Rixon Networks ,has confirmed vulnerability to the SNMP advisory identified
      by CERT notification reference [VU#107186 & VU#854306] and OUSPG#0100.

      Sync Research also manufactures and supports products formerly
      manufactured by Tylink, Inc. and Osicom, Inc.
      Rixon Networks, Inc. also manufactures and supports products
      formerly manufactured by Osicom, Inc.

      Entrada Networks has run all the test cases found in the PROTOS test-suite, c06snmpv1:
         1. c06-snmpv1-req-app-pr1.jar
         2. c06-snmpv1-req-enc-pr1.jar
         3. c06-snmpv1-trap-app-pr1.jar
         4. c06-snmpv1-trap-enc-pr1.jar

         The tests were run with standard delay time between the requests
      (100ms).

         Entrada Networks, through their companies of Sync Research and Rixon
      Networks, supplies a broad range of networking products, some of which are
      affected by the SNMP vulnerabilities identified by CERT Coordination Center.
      The manner, in which, they are affected and the actions required to avoid
      being impacted by exploitation of these vulnerabilities varies from product
      to product.
        
      Entrada Networks customers may contact our Technical Support Center
      via either telephone 800-331-8669 or via email: mailto:support@sync,com  for
      additional information, especially regarding their availability of the
      latest enhanced code releases addressing the SNMP vulnerabilities.

         The tests that were run apply to the following Entrada Networks,
      Sync Research, and Rixon Networks  products.

         The Sync Research FRADs (3600,3700, 4200, and 4300 series), the
      Tylink FRAPs (D-FRAP, M-FRAP, S-FRAP, T-FRAP),
         Sync Research management platform (Envisage for Windows and Envisage
      for UNIX) and the Osicom Routermate series.
         The software tested on these products was the latest software
      releases that are generally available.

         Entrada Networks is in the process of creating a publication for all
      applicable releases / platforms and will be offering this publication
      through the Entrada Networks Support site at
      <http://www.entradanetworks.com>  or the Sync Research, Inc. site at
      <http://www.sync.com> at a future date.

         Please contact our Technical Support organization for information
      regarding availability / applicability for your specific configurations.

         Following is a list of companies whose products are addressed by
      this preliminary response:

         Sync Research, Inc. (see Entrada Networks)
         Osicom, Inc. (see Entrada Networks)
         Rixon Networks, Inc. (see Entrada Networks)
         Torrey Pines Networks, Inc. (see Entrada Networks)
         Tylink, Inc. (see Entrada Networks)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Equinox Systems Affected

Updated:  March 19, 2002

Status

Affected

Vendor Statement

      This is in reference to the CERT Advisory CA-2002-03 addressing
      potential security vulnerabilities that exist in network devices
      using SNMPv1 as the management protocol.  Equinox has determined that
      exploitation of these vulnerabilities may interfere with normal
      operation of our ESP serial hub through malicious use of the
      management interfaces provided for its Equiview Plus application.  We
      are evaluating the impact on the ESP and will release appropriate
      fixes if necessary.  In the interim, Equinox recommends the following
      mitigation procedures.

      In most network environments, firewalls are deployed to prohibit
      externally originating SNMP traffic and both detect and prevent
      Denial of Service attacks.  Since the ESP does not currently allow
      for disabling of SNMP, it is recommended that this device be operated
      in a secure environment in conjunction with the following SNMP
      network security safeguards:

      1.    Filter SNMP access to managed devices to ensure the traffic
      originates from known management systems
      2.    Use upstream firewall/access lists to deny access to the SNMP
      agents accessible on the network
      3.    Use access profiles to deny SNMP access to unknown users
      4.    Use dedicated management VLANs or out-of-band management to
      contain SNMP traffic and multicasts
      5.    Change the default community strings

      Equinox will continue to address potential security problems across
      its product line and provide patches as circumstances dictate.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks, Inc. Affected

Notified:  January 10, 2002 Updated: March 15, 2002

Status

Affected

Vendor Statement

      All versions of BIG-IP, 3-DNS, GLOBAL-SITE and EDGE-FX are vulnerable if the SNMP agent is enabled. Most versions have the SNMP agent enabled by default. Patches are available for all affected versions.

      SEE-IT is not affected by this vulnerability.

      If a customer is unable to install the patch, the SNMP service may be disabled. Below are instructions for obtaining patches and for disabling the SNMP service for each vulnerable product.

      BIG-IP

      A patch exists to correct this problem. Please see http://tech.f5.com/home/bigip/solutions/security/sol1622.html .

      Alternatively, you can simply disable the SNMP service using the instructions below:

        1.Log in to the BIG-IP Configuration utility.

        2.Navigate to the SNMP section. For version 4.0 and above this is a tab under System Administration.

        3.De-select the Enable box at the top of the screen and click the Apply button.

      This will disable the SNMP service on BIG-IP.


      3-DNS

      A patch exists to correct this problem. Please see http://tech.f5.com/home/3dns/solutions/security/sol1624.html .

      Alternatively, you can simply disable the SNMP service using the instructions below:

        1.Log in to the 3-DNS Configuration utility.

        2.Navigate to the SNMP section. This is the tab under 3-DNS Sync .

        3.De-select the Enable box at the top of the screen and click the Apply button.

        4.Log in to the Command Line Interface of the 3-DNS.

        5.Run the following command:

          kill -9 `ps -ax | grep snmpd | awk '{print $1}'`
      This will disable the SNMP service on 3-DNS.


      GLOBAL-SITE

      A patch exists to correct this problem. Please see http://tech.f5.com/home/globalsite/solutions/security/sol1626.html.

      Alternatively, you can simply disable the SNMP service using the instructions below:

      GLOBAL-SITE version 2.2

      To disable the SNMP agent for GLOBAL-SITE version 2.2, type the following command from the command prompt:

      ITCMconsole service snmpd stop

      This command stops the snmpd agent.

      ITCMconsole service snmpd disable

      This command disables snmpd so it does not start again at the next boot.

      To verify the status of snmpd, enter the following command:

      ITCMconsole show snmpd status


      GLOBAL-SITE version 2.1PTF-01 and earlier:

      On versions 2.1 PTF-01 and earlier, snmpd is not running by default so the GLOBAL-SITE Controller should not be affected. However, if you have enabled snmpd manually, you should disable it.


      EDGE-FX

      A patch exists to correct this problem. Please see http://tech.f5.com/home/edgefx/solutions/security/sol1625.html .

      Alternatively, you can simply disable the SNMP service using the instructions below:

      There are three SNMP daemons running on the cache. By default, the EDGE-FX Cache runs the snmpd, the edgefxsnmpd, and Inktomi's snmpdm .
      Disabling snmpd and edgefxsnmpd

      To disable and stop the SNMP agents, you should use the ITCMconsole. Type the following commands from the command prompt:

      ITCMconsole service snmpd stop

      This command stops the snmpd agent.

      ITCMconsole service snmpd disable

      This command disables snmpd so it does not start again at the next boot.

      To verify the status of snmpd, enter the following command:

      ITCMconsole show snmpd status

      Once the snmpd and edgefxsnmpd daemons are disabled, no other snmp traffic will be accepted.


      Disabling snmpdm

      The snmpdm agent, is also enabled by default. This Inktomi specific agent can be disabled or killed. In order to avoid traffic server anomalies, you should not kill this this daemon.

      According to CERT® Advisory CA-2002-03 :

      "Inktomi Corporation does not believe our [Inktomi] CDS product is vulnerable. Vulnerability would stem from the use of SNMP Research software in the CDS product. However, SNMP Research has stated that their product Emanate, versions 15.x and higher, is not vulnerable. As Inktomi's CDS uses Emanate 15.3, we [Inktomi] conclude that CDS is not vulnerable."

      Inktomi's CDS contains the same Traffic Server that EDGE-FX utilizes, which contains the Emanate 15.3 daemon (snmpdm).

      If you still want to kill this SNMP agent, you can use the Configuration utility or the command line.

      To disable the SNMP agent from the Configuration utility:

        1.From your browser, access the Configuration utility (refer to Accessing the Configuration utility).

        2.On the Configure tab, click the Server button.

        3.Scroll to the SNMP section of the Server Basics page.

        4.Click the SNMP Agent Off radio button.

        5.Click the Make These Changes button.

      To disable the SNMP agent manually:

        1.In a text editor, open the records.config file located in the EDGE-FX Cache’s /config/traffic_server/config directory.

        2.Edit the following variable:

          proxy.config.snmp.master_agent_enabled

          Set this variable to 0 to disable SNMP on the EDGE-FX Cache node.

        3.Save and close the records.config file.

        4.Make the /usr/local/cache/bin directory the working directory and run the following command to apply the configuration changes.

          ./traffic_line -x

          Note: you can also use the following command to restart the traffic_server: start_traffic_server.


      SEE-IT

      It has been determined that SEE-IT is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fluke Corporation Affected

Updated:  April 26, 2002

Status

Affected

Vendor Statement

      Fluke Networks' response to CERT Advisory 2002-03

                 The CERT® Coordination Center recently announced that numerous
                 vulnerabilities have been reported in multiple vendors' SNMP
                 implementations. For your information, Fluke Networks has created
                 the following Q&A which includes a tutorial, Using Fluke Networks
                 products to manage SNMP risk on your network.

                 Q&A

                 What is the actual risk?

                 The impact of the vulnerability is different for each vendor and
                 their own products. For SNMP agents and Trap listeners running on
                 network operating systems, some attacks could bypass system security
                 controls. Overall, most attacks resulted in a �nial-of-service” in
                 which the entire product or portions of the product stopped working
                 properly.

                 Which Fluke Networks products are affected?

                 Fluke Networks has tested its products that listen for SNMP Traps or
                 contain an internal SNMP agent. It has been discovered that some
                 circumstances exist that could potentially cause a
                 �nial-of-service” condition for a Fluke Networks product, forcing
                 the product to “hang” or reboot. However, this situation would only
                 affect Fluke Networks products and would not compromise our
                 customers’ networks.

                 Fluke Networks products that could be affected include the OptiView™
                 Integrated Network Analyzer, the OptiView™ Workgroup Analyzer and
                 the OptiView™ Link Analyzer.

                 As of this writing, there have been no known "denial-of-service"
                 incidents reported with Fluke Networks products. To reiterate,
                 should such an event occur involving a Fluke Networks product, this
                 would not affect the operation of customers' networks or any of
                 their network infrastructures. Nor would there be any risk of anyone
                 externally gaining access to customer data.

                 Future action

                 At this time, we plan to resolve all known vulnerabilities in the
                 next scheduled software update for the affected products. Customers
                 who participate in the Gold Priority Support program will be
                 eligible to receive these updates as part of their membership.
                 Customers who do not participate in this program should contact our
                 Technical Assistance Center (TAC) at 1-800-638-3497 (North America)
                 or +1-425-446-4519 (Outside North America).

                 Recommendations

                 We recommend the following "best practices" to reduce the potential
                 risk of SNMP related attacks:   
                 1.   Ensure that yourexternal firewalls deny all incoming SNMP traffic.
                 2.   Change the default community strings for all SNMP devices. Audit
                      your network for devices using the community strings of "public"
                      and "private" as well as for those other community strings that
                      are set by default by equipment manufacturers.
                 3.   Analyze SNMP traffic for patterns of attack.

                 Tutorial: Using Fluke Networks products to manage this risk on your
                 network

                 1. Identify SNMP agents on the network
                 The OptiView Integrated Network Analyzer and OptiView Workgroup
                 Analyzer have the capability of discovering all devices within a
                 broadcast domain that are SNMP enabled.

                 On the Setup/Security screen, configure all known and old community
                 strings making sure you include strings such as "public", "private"
                 and "security".

                 Re-run the tests by selecting the "Rerun Test" tab.

                 Select the "Discovery" tab and then select the SNMP Agents category
                 in the left hand pane. The resulting display shows all SNMP agents
                 discovered by the test.

                 2. Test your firewall for filtering SNMP traffic
                 From a LAN segment outside your firewall, use the OptiView
                 Integrated Network Analyzer to query known SNMP agents on the
                 protected side of your network. After the "Network-Under-Test"
                 interface has a proper IP configuration, enter the IP address of a
                 known SNMP agent on the Tools screen.

                 Note: Using Fluke Networks’ Protocol Expert™ on the protected side
                 of your firewall, allows you to see if the firewall is denying any
                 and all SNMP traffic from flowing through the firewall as well as
                 preventing SNMP responses from leaving your network.

                 Using two OptiView Analyzers, one on either side of the firewall,
                 can be used to easily check this condition. Use the Packet Capture
                 and Statistics feature to ensure that no SNMP traffic is flowing in
                 from outside of the firewall.

                 3. Analyze network patterns for SNMP attacks
                 Using the OptiView Integrated Network Analyzer, the OptiView
                 Workgroup Analyzer or the OptiView Link Analyzer, a combination of
                 packet capture and protocol statistics can be used to gather
                 evidence of an SNMP attack.

                 Select the "Top Hosts" tab to look for nodes that should not be
                 sending SNMP queries. Select the "Top Conversations" to check for
                 unusual Conversation Pairs within the SNMP traffic.

                    Fluke Networks' Copper and Fiber taps can be used to access
                 switch-to-switch links and the Switch-TAP™ capability of the
                 OptiView™ Inspector Console can be used to program the mirror ports
                 of a variety of switches.

                 For more information

                 For questions, concerns or more information, please contact the
                 Fluke Networks TAC at 1-800-638-3497 (North America),
                 +1-425-446-4519 (outside North America) or email us at:
                 nettech@flukenetworks.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD, Inc. Affected

Notified:  October 17, 2001 Updated: February 13, 2002

Status

Affected

Vendor Statement

FreeBSD does not include any SNMP software by default, and so is not vulnerable. However, the FreeBSD Ports Collection contains the UCD-SNMP / NET-SNMP package. Package versions prior to ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release will ship the corrected version of the UCD-SNMP / NET-SNMP package. In addition, the corrected version of the packages is available from the FreeBSD mirrors.
FreeBSD has issued the following FreeBSD Security Advisory regarding the UCD-SNMP / NET-SNMP package:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:11.snmp.asc.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

General DataComm Affected

Updated:  February 21, 2002

Status

Affected

Vendor Statement

      General DataComm Advisory Bulletin

      http://www.gdc.com/products/bulletin.shtml

      Ref:  CERT Advisory CA-2002-03
      Multiple Vulnerabilities in Many Implementations of Simple Network Management Protocol (SNMP)

      GDC  TEAM  SNMP

      The GDC TEAM applications use the HP OpenView NNM SNMP protocol stack for its
      SNMP network management communication to its SpectraComm Manager (SCM) card.
      The SCM contains an SNMP proxy agent.

      Recommendations:

      1. The SCM does not have a default read/write community name of "private" which makes it less
      susceptible for hackers to change device configurations or taking down the management or data network.
      The SCM does have a default read only community name of "public". The customer is advised to change
      this.

      2. The major GDC network management customers usually use a separate
      private LAN for their management traffic to eliminate the exposure to outside illegal entry.

      3. Please read below, obtain and install the HP HPOV patches from the listed sites.

      HP HPOV   NNM (Network Node Manager)
             ---------------------------------------------------------
             Some problems were found in NNM product were related to
             trap handling. Patches in process. Watch for the
             associated HP Security Bulletin.

             ----------------------------------------------------------
             HP-UX Systems running snmpd or OPENVIEW
             ----------------------------------------------------------
             The following patches are available now:

             PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
             PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch

             PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated   Patch

             All three patches are available from:

             http://support.openview.hp.com/cpe/patches/

             In addition PHSS_26137 and PHSS_26138 will soon be available from:

             http://itrc.hp.com

             NOTE: The patches are labeled OV(Open View). However, the patches
             are also applicable to systems that are not running Open View.
            


             Any HP-UX 10.X or 11.X system running snmpd or snmpdm is vulnerable.
             To determine if your HP-UX system has snmpd or snmpdm installed:

             swlist -l file | grep snmpd

             If a patch is not available for your platform or you cannot install
             an available patch, snmpd and snmpdm can be disabled by removing their
             entries from /etc/services and removing the execute permissions from
             /usr/sbin/snmpd and /usr/sbin/snmpdm.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Affected

Notified:  October 17, 2001 Updated: April 01, 2002

Status

Affected

Vendor Statement

      HP Support Information Digests

      ===============================================================================
      o  Security Bulletin Digest Split
        ------------------------------

        The security bulletins digest has been split into multiple digests
        based on the operating system (HP-UX, MPE/iX, and HP Secure OS
        Software for Linux).  You will continue to receive all security
        bulletin digests unless you choose to update your subscriptions. 
       
        To update your subscriptions, use your browser to access the
        IT Resource Center on the World Wide Web at:

         http://www.itresourcecenter.hp.com/

        Under the Maintenance and Support Menu, click on the "more..." link.
        Then use the 'login' link at the left side of the screen to login
        using your IT Resource Center User ID and Password.

        Under the notifications section (near the bottom of the page), select
        Support Information Digests.

        To subscribe or unsubscribe to a specific security bulletin digest,
        select or unselect the checkbox beside it. Then click the
        "Update Subscriptions" button at the bottom of the page.

      o  IT Resource Center World Wide Web Service
        ---------------------------------------------------

        If you subscribed through the IT Resource Center and would
        like to be REMOVED from this mailing list, access the
        IT Resource Center on the World Wide Web at:

         http://www.itresourcecenter.hp.com/

        Login using your IT Resource Center User ID and Password.
        Then select Support Information Digests (located under
        Maintenance and Support).  You may then unsubscribe from the
        appropriate digest.
      ============================================================================
      ===


      Digest Name:  daily HP-UX security bulletins digest
        Created:  Tue Feb 26  8:45:03 PST 2002

      Table of Contents:

      Document ID      Title
      ---------------  -----------
      HPSBUX0202-184   Sec. Vulnerability in SNMP (rev. 3)

      The documents are listed below.
      ----------------------------------------------------------------------------
      ---


      Document ID:  HPSBUX0202-184
      Date Loaded:  20020212
          Title:  Sec. Vulnerability in SNMP (rev. 3)

      TEXT
      -----------------------------------------------------------------
      **REVISED 03**  HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0184,
        Originally issued: 12 Feb. 2002
        Last revised:  24 Feb. 2002
      -----------------------------------------------------------------

      The information in the following Security Bulletin should be acted
      upon as soon as possible.  Hewlett-Packard Company will not be
      liable for any consequences to any customer resulting from customer's
      failure to fully implement instructions in this Security Bulletin as
      soon as possible.

      ------------------------------------------------------------------
      PROBLEM:  Vulnerabilities in SNMP request and trap handling.

      PLATFORM: HP 9000 Series 700 and Series 800 running HP-UX
              releases 10.X and 11.X
              HP Procurve switches
      **REVISED 03**
      ---->>    JetDirect Firmware
              MC/ServiceGuard, EMS HA Monitors

      DAMAGE:   Possible denial-of-service, service interruptions,
              unauthorized access.

      SOLUTION: Apply patches or implement workarounds.  See below.
             For HP-UX releases:
            PHSS_26137    s700_800  HP-UX 10.20 OV EMANATE14.2 Agent
            PHSS_26138    s700_800  HP-UX 11.X  OV EMANATE14.2 Agent
            PSOV_03087    Solaris 2.X      EMANATE Release 14.2
             For systems running OV NNM:
            PHSS_26286    s700_800  HP-UX  10.20  ovtrapd large trap fix
            PHSS_26287    s700_800  HP-UX  11.X   ovtrapd large trap fix
            PSOV_03100    Solaris 2.X             ovtrapd large trap fix
            NNM_00857     NT 4.X/Windows 2000     ovtrapd large trap fix

      MANUAL ACTIONS: Upgrade or workaround action per below.

      AVAILABILITY:  Patches for some affected systems are available now.
      CHANGE SUMMARY: Rev.01 affected HP Procurve scope expanded,
                           plus Procurve patch availability added.
                           NNM ovtrapd patch availability added.
                    Rev.02 SG and EMS found not vulnerable.
                    Rev.03 Jetdirect vulnerability updated
      ------------------------------------------------------------------

      A. Background
        CERT has issued an advisory:
        CERT Advisory CA-2002-03 Multiple Vulnerabilities in Many
        Implementations of the Simple Network Management Protocol
        (SNMPv1) containing information about the vulnerabilities.
       
        Hewlett-Packard Company will revise this bulletin as new
        information becomes available.

        ---------------------------------------------------------
        hp Procurve switches
        ---------------------------------------------------------

        We are still in the process of determining which other HP
        Procurve products are subject to these vulnerabilities.
        We have created fixes for products below which will resolve
        these issues.  See Section C below.

        Customers can download these patches in the form of software
        upgrades at:
                  http://www.hp.com/rnd/software/switches.htm

                       Product                      Fix revision number
           ----------------------------------       --------------------
           HP Procurve Switch 2524   (J4813A)        F.04.08 or greater
           HP Procurve Switch 2512   (J4812A)        F.04.08 or greater
           HP Procurve Switch 4108GL (J4865A)        G.04.05 or greater
           HP Procurve Switch 4108GL-bundle (J4861A) G.04.05 or greater

        Not all HP Procurve products have completed testing, nor are
        they listed here, and may or may not have these vulnerabilities.
        This bulletin will again be updated as new information becomes
        available.

        ---------------------------------------------------------
        NNM  (Network Node Manager)
        ---------------------------------------------------------

        Some problems found in NNM product were related to trap
        handling.  Patches are available.  See Section C below.

      **REVISED 03**
        ---------------------------------------------------------
      --->> JetDirect Firmware
        ---------------------------------------------------------

        JetDirect Firmware Version      State
        ==========================      =====
      --->>   X.08.32 and lower           VULNERABLE
      --->>   (where X = A through K)
      --->>   X.21.00 and higher          NOT vulnerable
      --->>   (where X = L through P)

         ----------------------------------------------------------
         HP-UX Systems running snmpd or OPENVIEW
         ----------------------------------------------------------
         Any HP-UX 10.X or 11.X system running snmpd or snmpdm is
         vulnerable.  To determine if your HP-UX system has snmpd
         or snmpdm installed:

           swlist -l file | grep snmpd

      B. Fixing the problem
        Install the appropriate patch or firmware revision or work
        around problem as detailed below.

      C. Recommended solution
        ---------------------------------------------------------
        hp Procurve switches
        ---------------------------------------------------------

        Customers can download these patches in the form of software
        upgrades at:
                  http://www.hp.com/rnd/software/switches.htm

                 Product                        Fix revision number
        -----------------------------------     -------------------
        HP Procurve Switch 2524    (J4813A)       F.04.08 or greater
        HP Procurve Switch 2512    (J4812A)       F.04.08 or greater
        HP Procurve Switch 4108GL  (J4865A)       G.04.05 or greater
        HP Procurve Switch 4108GL-bundle (J4861A) G.04.05 or greater

        ---------------------------------------------------------
        NNM  (Network Node Manager)
        ---------------------------------------------------------

         Problems found in the NNM product (related only to trap
         handling) are addressed in patches available at:

      http://support.openview.hp.com/cpe/patches/nnm/6.2/s700_800_11.X.jsp

         PHSS_26286    s700_800  HP-UX  10.20  ovtrapd large trap fix
         PHSS_26287    s700_800  HP-UX  11.X   ovtrapd large trap fix
         PSOV_03100    Solaris 2.X             ovtrapd large trap fix
         NNM_00857     NT 4.X/Windows 2000     ovtrapd large trap fix

        ---------------------------------------------------------
        MC/ServiceGuard
        ---------------------------------------------------------
        MC/ServiceGuard is not affected.  Testing has been completed
        and neither MC/ServiceGuard nor ServiceGuard OPS Edition are
        negatively impacted.

        The ServiceGuard Manager product does not use the cluster
        SNMP and remains unaffected.

        ---------------------------------------------------------
        Event Monitoring System  (EMS)
        ---------------------------------------------------------
        Testing of the MC/ServiceGuard or ServiceGuard OPS Edition
        application with package resources defined using EMS High
        Availability Monitors has been completed and shows no
        vulnerability to this issue.

      **REVISED 03**
        ---------------------------------------------------------
      --->> JetDirect Firmware
        ---------------------------------------------------------

        JetDirect Firmware Version      State
        ==========================      =====
      --->>   X.08.32 and lower           VULNERABLE
      --->>   (where X = A through K)
      --->>   X.21.00 and higher          NOT vulnerable
      --->>   (where X = L through P)

      --->>FIX STATUS: HP is working on a firmware fix.

      --->>WORKAROUND: Change the set-community-name and use the
      --->>Access Control List as described in "HP Jetdirect Print
      --->>Servers - Making HP Jetdirect Print Servers Secure on
      --->>the Network":

      --->>  http://www.hp.com/cposupport/networking/support_doc/
      --->>  bpj05999.html#P88_10129

      --->>      LIMITING THE VULNERABILITY

      --->>SNMPv1 security relies on the set community name. It is
      --->>important that a set-community-name be configured on the
      --->>Jetdirect device and that it be kept secret.

      --->>Jetdirect Print Servers offer an Access Control List that
      --->>can be used to specify which hosts can make SNMP
      --->>configuration changes to Jetdirect Print Servers.

      --->>The steps above can help prevent exploitation of the
      --->>vulnerability.  To eliminate the vulnerability before a fix
      --->>is available SNMP can be disabled on the Jetdirect device.

      --->>      DISABLING SNMP ON A JETDIRECT PRINT SERVER

      --->>1. Update the firmware to the highest level as described in
      --->>    the Jetdirect Upgrade Instructions document:

      --->> http://www.hp.com/cposupport/networking/support_doc/bpj06917.html

      --->>NOTE:    Disabling SNMP may affect device discovery and port
      --->>         monitors that use SNMP to get status on the device.
      --->>         Use this feature with care.

      --->>2.  Telnet to the Jetdirect device (on the latest firmware)
      --->>     and type:
      --->>                   snmp-config: 0
      --->>                   quit

      --->>This will completely disable SNMP on the Jetdirect device.


      --->>HP always recommends upgrading Jetdirect firmware for the
      --->>latest bug fixes and security benefits.  The upgrade firmware
      --->>and download utility are available free of charge:

      --->>http://www.hp.com/cposupport/networking/support_doc/bpj06917.html

      --->>The following is a list of JetDirect Product Numbers
      --->>that can be freely upgraded to X.08.32 or X.21.00 or
      --->>higher firmware.  The latest firmware revision available
      --->>for download is given.  For example, the latest firmware
      --->>revision for the J3110A is G.08.32.

      --->>EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
      --->>        J3110A 10T                              [G.08.32]
      --->>        J3111A 10T/10B2/LocalTalk               [G.08.32]
      --->>        J3112A Token Ring (discontinued)        [G.08.32]
      --->>        J3113A 10/100 (discontinued)            [G.08.32]
      --->>        J4169A 10/100                           [L.21.22]
      --->>        J4167A Token Ring                       [L.21.25]
      --->>        J6057A 10/100                           [R.22.09]

      --->>MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
      --->>        J2550A/B 10T (discontinued) [A.08.32]
      --->>        J2552A/B 10T/10Base2/LocalTalk (discontinued) [A.08.32]
      --->>        J2555A/B Token Ring (discontinued) [A.08.32]
      --->>        J4100A 10/100                      [K.08.32]
      --->>        J4105A Token Ring                  [K.08.32]
      --->>        J4106A 10T                         [K.08.32]

      --->>LIO (Peripherals Color Inkjet cp1160, cp1700)
      --->>        J6042A 250m 10/100                    [N.21.22]

      --->>External Print Servers
      --->>        J2591A EX+ (discontinued)               [E.08.32]
      --->>        J2593A EX+3 10T/10B2 (discontinued)     [D.08.32]
      --->>        J2594A EX+3 Token Ring (discontinued)   [D.08.32]
      --->>        J3263A 300X 10/100                      [H.08.32]
      --->>        J3264A 500X Token Ring                  [J.08.32]
      --->>        J3265A 500X 10/100                      [J.08.32]
      --->>        J6038A 310x USB 10/100                  [Q.22.04]

        ----------------------------------------------------------
        HP-UX Systems running snmpd or OPENVIEW
        ----------------------------------------------------------
        The following patches are available now:

         PHSS_26137    s700_800  HP-UX 10.20 OV EMANATE14.2 Agent$
         PHSS_26138    s700_800  HP-UX 11.X  OV EMANATE14.2 Agent$
         PSOV_03087    Solaris 2.X      EMANATE Release 14.2 $

        All three patches are available from:

         http://support.openview.hp.com/cpe/patches/

         In addition PHSS_26137 and PHSS_26138 are now available
         from:
               http://itrc.hp.com

        ============================================================
        NOTE: The patches are labeled OV (Open View).  However, the
        patches are also applicable to systems that are _NOT_
        running Open View.
        ============================================================

        Workaround for HP-UX Systems:

        If a patch is not available for your platform or you cannot
        install an available patch, snmpd and snmpdm can be disabled
        by removing their entries from /etc/services and removing the
        execute permissions from /usr/sbin/snmpd and /usr/sbin/snmpdm.

      D. To subscribe to automatically receive future NEW HP Security
        Bulletins from the HP IT Resource Center via electronic
        mail, do the following:

        Use your browser to get to the HP IT Resource Center page
        at:

           http://itrc.hp.com

        Use the 'Login' tab at the left side of the screen to login
        using your ID and password.  Use your existing login or the
        "Register" button at the left to create a login, in order to
        gain access to many areas of the ITRC.  Remember to save the
        User ID assigned to you, and your password.

        In the left most frame select "Maintenance and Support".

        Under the "Notifications" section (near the bottom of
        the page), select "Support Information Digests".

        To -subscribe- to future HP Security Bulletins or other
        Technical Digests, click the check box (in the left column)
        for the appropriate digest and then click the "Update
        Subscriptions" button at the bottom of the page.

        or

        To -review- bulletins already released, select the link
        (in the middle column) for the appropriate digest.

        To -gain access- to the Security Patch Matrix, select
        the link for "The Security Bulletins Archive".  (near the
        bottom of the page)  Once in the archive the third link is
        to the current Security Patch Matrix. Updated daily, this
        matrix categorizes security patches by platform/OS release,
        and by bulletin topic.  Security Patch Check completely
        automates the process of reviewing the patch matrix for
        11.XX systems.

        For information on the Security Patch Check tool, see:
        http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/
        displayProductInfo.pl?productNumber=B6834AA"

        The security patch matrix is also available via anonymous
        ftp:

        ftp.itrc.hp.com:~ftp/export/patches/hp-ux_patch_matrix

        On the "Support Information Digest Main" page:
        click on the "HP Security Bulletin Archive".


      E. To report new security vulnerabilities, send email to

        security-alert@hp.com

        Please encrypt any exploit information using the
        security-alert PGP key, available from your local key
        server, or by sending a message with a -subject- (not body)
        of 'get key' (no quotes) to security-alert@hp.com.

        Permission is granted for copying and circulating this
        Bulletin to Hewlett-Packard (HP) customers (or the Internet
        community) for the purpose of alerting them to problems,
        if and only if, the Bulletin is not edited or changed in
        any way, is attributed to HP, and provided such reproduction
        and/or distribution is performed for non-commercial purposes.

        Any other use of this information is prohibited. HP is not
        liable for any misuse of this information by any third party.
      ________________________________________________________________
      --
      -----End of Document ID:
      HPSBUX0202-184--------------------------------------

      Re: Hewlett Packard HP3000 - MPE vulnerable to CERT®
      Advisory CA-2002-03 SNMP

      This is resolved on HP-e3000 MPE/iX systems - fix:
      8606-248966 in the following
      patches to the SNMP Agent:

      SNMGDL9 for C.60.00
      SNMGDM0 for C.65.00
      SNMGDM1 for C.70.00

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hirschmann Electronics GmbH & Co Affected

Notified:  January 19, 2002 Updated: February 08, 2002

Status

Affected

Vendor Statement

Hirschmann Electronics GmbH & Co. KG supplies a broad range of networking products, some of which are affected by the SNMP vulnerabilities identified by CERT Coordination Center. The manner in which they are affected and the actions required to avoid being impacted by exploitation of these vulnerabilities, vary from product to product. Hirschmann customers may contact our Competence Center (phone +49-7127-14-1538, email: ans-support@nt.hirschmann.de) for additional information, especially regarding availablity of latest firmware releases adressing the SNMP vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi Affected

Updated:  May 24, 2005

Status

Affected

Vendor Statement

    Hitachi Data Systems (HDS) has evaluated the information about the industry wide SNMP (Simple Network Management Protocol) vulnerabilities and is conducting the appropriate series of tests to determine the possible exposure on its entire product offering.

    While a potential vulnerability has already been assessed in certain product’s configurations, HDS has designed the necessary temporary workaround and made them available to our customers through the local support personnel.
    As soon as a permanent fix will become available, it will be immediately provided to all our customers.

    For further details please contact the Hitachi Data System technical support structure or visit our web site at:

    http://www.hds.com/products_services/support/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation Affected

Notified:  October 17, 2001 Updated: February 26, 2002

Status

Affected

Vendor Statement

      The AIX operating system is susceptible to the vulnerabilities
      tested for by the Oulu University PROTOS test suite for all
      levels of AIX 4.3.x prior to level 4.3.3.51, and AIX 5.1 prior
      to level 5.1.0.10. APARs were developed and made available last
      year that closed the vulnerabilities looked for by the test suite.
      For 4.3.x, the relevant APAR is #IY17630; for 5.1, the appropriate
      APAR is #IY20943.

      To see if your version and level of AIX is vulnerable, enter the
      command:

                      lslpp -l bos.net.tcp.client

      If the "Level" stated is lower than those given above, your
      system is vulnerable, and you are urged to apply the appropriate
      APAR.

      AIX versions prior to 4.3 are also vulnerable, but these versions
      are no longer supported by IBM.

      To remain consistent with IBM's standing agreement with our customers who
      use zOS and OS/400, IBM asks that these customers contact IBM Service
      for information regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please note that this vendor statement is for AIX only. That is, it does NOT cover the SNMP agents that may ship in any products other than Tivoli NetView.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IPlanet Affected

Notified:  October 17, 2001 Updated: August 28, 2002

Status

Affected

Vendor Statement

      Update on CERT ALERT CA-2002-03
      iPlanet has identified a problem in the CERT Alert CA-2002-03, regarding implementations of its directory server and web proxy server.

      The SNMP agent (magt) daemon supplied with the Admin Server component of Netscape Directory Server 4.1x,  iPlanet Directory Server 5.0,  iPlanet Directory Server 5.1 and iPlanet Web Proxy Server 3.6 on UNIX platforms is vulnerable to a malformed request. The malformed request will cause the "magt" daemon to abruptly exit, so that it will no longer accept requests.  The "magt" daemon is not included in the Admin Server component of the Netscape Directory Server or iPlanet Directory Server on the Windows NT, Windows 2000 platforms and is not used on AIX platforms, so the Directory Server and Web Proxy Server are not affected on these platforms.

      This vulnerability is present in the following versions running on Unix platforms:
      Netscape Directory Server 4.12, 4.13, 4.14, 4.15 and 4.16
      iPlanet Directory Server 5.0, 5.0SP1 and 5.1
      iPlanet Web Proxy Server 3.6

      We do not believe that this vulnerability affects the overall integrity of the directory server or web proxy server  in any way.

      As a general practice, we recommend disabling all services affected by the "magt" daemon that are not explicitly required until a patch is downloaded and installed. If you are not using SNMP to monitor the directory server, we recommend that you do not run the "magt" daemon process. You can also limit your exposure to this vulnerability by using a firewall to restrict access to the UDP port on which "magt" receives incoming SNMP requests.

      Patches and Service packs fixing this problem will be posted under http://www.iplanet.com/downloads/patches/.
       
      Version Recommended action
      Directory Server 4.1x Install standalone "magt" patch
      Directory Server 5.0 Upgrade to 5.0SP2 or install "magt" patch
      Directory Server 5.0SP1 Upgrade to 5.0SP2 or install "magt" patch
      Directory Server 5.1 Install standalone "magt" patch
      iPlanet Web Proxy Server 3.6 Install standalone "magt" patch

      iPlanet products, such as iPlanet Application Server Enterprise Edition
      6.x, bundling the above mentioned products are also affected.  Installing
      the appropriate Directory Server patches and/or service pack is
      recommended.

      iPlanet customers with questions on this advisory are requested to contact iPlanet Technical Support who will provide full support and up-to-date information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ITouch Communications Affected

Notified:  January 10, 2002 Updated: March 06, 2002

Status

Affected

Vendor Statement

      iTouch Communications has confirmed that the following tests failed
      (software crash) in the MX and InReach Series run-time image
      Xpcsrv20.sys version  6.3 and NEMC_IR.SYS version 3.0 and earlier:

          1. APP tests, 10545 and 10549
          2. ENC tests 878,7643,7686,7687,7688,13358 & 13486

      These issues were fixed in Xpcsrv20.sys version 6.3s15 and
      NEMC_IR.SYS version 3.0s1 and now  they are fully compliant with the
      SNMP vulnerability CERT tests.

      Customers requesting software updates or more information may
      contact iTouch Communications at 800-435-7997 (domestic) and 978-952-4888
      (International) and select the Customer Service option.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

InfoVista Affected

Updated:  March 22, 2002

Status

Affected

Vendor Statement

      In reference to CERT Advisory CA-2002-03, Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP), InfoVista has reviewed and addressed this advisory that reports how vulnerabilities may allow unauthorized privileged access, denial of service attacks, or unstable behavior.

      InfoVista has assessed the InfoVista product portfolio and investigated the impact of this advisory. Tests have been performed against the PROTOS c06-snmpv1 test suite and as a result, InfoVista products fixes are being created, if needed, which will resolve any related issues. Upgrades to our product line that address these issues will be released in the near future.

      A status of each InfoVista product is as follows:

      InfoVista Server


      The InfoVista Server is not affected by trap & agent-side vulnerabilities. The InfoVista Server performs numerous consistency checks on SNMP packets, thus being immune to most attacks. Further evaluation is underway to assess any vulnerability and, if exposures as reported in the advisory are found, fixes will be provided.

      Vista Plug-in for NetFlow


      The Vista Plug-in for NetFlow version 3.0 includes Emanate 15.2.1.7, which does not address these vulnerabilities. The latest version of Emanate 15.3.1.7, which accounts for these vulnerabilities, will be included in the next version of the Vista Plug-in for NetFlow. A product release schedule will be communicated soon.

      Vista Plug-in Family


      Full testing of our agents for the vulnerabilities identified in CERT Advisory CA-2002-03, VU#854306 and VU#107186 have been completed. A hotfix for the Vista Plug-in Family that corrects these vulnerabilities is scheduled for release at the end of March.

      VistaNotifier


      VistaNotifier is not affected by agent-side vulnerabilities. VistaNotifier does consistency checks for traps, while expecting these traps to be in a specific format (from the InfoVista server), thus being immune to most attacks. Further evaluation is underway to assess any vulnerability and, if exposures as reported in the advisory are found, fixes will be provided.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Inktomi Corporation Affected

Notified:  January 10, 2002 Updated: February 21, 2002

Status

Affected

Vendor Statement

      All releases of Inktomi Traffic Server and Inktomi Media-IXT prior to
      version 5.2 are vulnerable, releases after 5.2 are not vulnerable.  A
      software patch is available to close the vulnerability.  Download and
      installation instructions are available at:
      ftp://traffic_swul:!nc0ming@support.inktomi.com/CA-2002-03/README

      Traffic Server deployed as part of the Inktomi Content Networking
      Platform 1.0 is also vulnerable, and should be immediately updated to
      v1.1 or 1.1.1.  Inktomi CNP customers can get the 1.1.1 release from
      http://downloads.inktomi.com.

      Other Inktomi Products:
      Inktomi CDS is not vulnerable.  CDS is safe because it does not listen
      for SNMP requests. Inktomi Enterprise Search is also not vulnerable,
      because it does not include any SNMP. Finally, Inktomi Media
      Distribution Network is also safe because it does
      not include any SNMP.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Innerdive Solutions LLC Affected

Notified:  January 10, 2002 Updated: February 11, 2002

Status

Affected

Vendor Statement

Innerdive Solutions, LLC have two SNMP based products:

1. The "SNMP MIB Scout" (http://www.innerdive.com/products/mibscout/)
2. The "Router IP Console" (http://www.innerdive.com/products/ric/)

The "SNMP MIB Scout" is not vulnerable to either bug.

The "Router IP Console" releases prior 3.3.0.407 is vulnerable. The release of "Router IP Console" correcting the behavior outlined in OUSPG#0100 is 3.3.0.407 and already available on our site. Also, we will notify all our customers about this new release no later than March 5, 2002.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ipswitch Inc. Affected

Updated:  March 06, 2002

Status

Affected

Vendor Statement

      Ipswitch has completed its assessment of WhatsUp Gold in response to the
      CERT advisory (CA-2002-03).  We have addressed all of the issues highlighted
      by the CERT advisory's 24,000 test cases via a patch release.

      A free patch is currently available to upgrade WhatsUp Gold customers from
      version 7.01 to 7.02.  You can download the patch from
      http://www.ipswitch.com/support/whatsup/patch-upgrades.html.

      For customers who are currently running WhatsUp Gold version 6.02, a patch
      will be released shortly to upgrade you to version 6.03.  Please check back
      with our patch page
      (http://www.ipswitch.com/support/whatsup/patch-upgrades.html) over the next
      couple of weeks.

      Thank you for your continued support of WhatsUp Gold and other Ipswitch
      products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks, Inc. Affected

Notified:  October 23, 2001 Updated: February 12, 2002

Status

Affected

Vendor Statement

This is in reference to your notification regarding CAN-2002-0012 and CAN-2002-0013. Juniper Networks has reproduced this behavior and coded a software fix. The fix will be included in all releases of JUNOS Internet software built after January 5, 2002. Customers with current support contracts can download new software with the fix from Juniper's web site at http://www.juniper.net

Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can only be reproduced in JUNOS Internet software if "snmp traceoptions flag pdu" is enabled. Tracing of SNMP PDUs is generally not enabled in production routers.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

KarlNet Inc. Affected

Notified:  January 10, 2002 Updated: March 25, 2002

Status

Affected

Vendor Statement

      Karlnet Advisory:
      SNMPv1 Implementation Vulnerabilities in Karlnet Products
      Revision 1.0
      Revision Date: 14 March 2002

      I  Vulnerabilities Found

      Preliminary test results have indicated multiple Karlnet products exhibit certain vulnerabilities to SNMP messages.
      Some of these vulnerabilities can be exploited, resulting in a denial of service or service interruption.

      These results have not indicated any vulnerability that will allow an attacker to gain access to the affected device.

      II. Solution

      In response to CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many
      Implementations of the Simple Network Management Protocol (SNMP),
      Karlnet Inc. has detected and repaired all of the inconsistencies found by
      CERT Tests  in our SNMP implementation.  We have ensured that all
      vulnerabilities found, using test suite, PROTOS c-06-SNMPv1, have 
      been corrected and implemented in all versions of Karlnet Software 4.01 or greater.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lantronix Affected

Notified:  October 10, 2001 Updated: January 30, 2002

Status

Affected

Vendor Statement

Lantronix is committed to resolving security issues with our products. The SNMP security bug you reported has been fixed in LRS firmware version B1.3/611(020123).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Larscom Incorporated Affected

Notified:  January 11, 2002 Updated: March 06, 2002

Status

Affected

Vendor Statement

      Larscom Incorporated has completed a preliminary examination of its product
      line in response to CA-2002-03. Larscom has identified a number of platforms
      that use SNMP, both V1 and V2. It is felt that those using SNMP V2 are not
      affected by the referenced vulnerabilities.

      A complete report listing the affected products and the recommended
      circumvention can be found at http://www.larscom.com/support/advisory/cert_ca_2002_03.pdf
      or can be requested from service@larscom.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lotus Software Affected

Notified:  October 17, 2001 Updated: February 11, 2002

Status

Affected

Vendor Statement

      Lotus Software evaluated the Lotus Domino Server for vulnerabilities
      using the test suite materials provided by OUSPG.

      This problem does not affect default installations of the Domino
      Server.  However, SNMP agents can be installed from the CD to provide
      SNMP services for the Domino Server (these are located in the
      Apps/SYSMGMT/AGENTS directory).  Only certain platforms are affected:
      HP-UX, Solaris SPARC and Solarix X86.  For those platforms, customers
      should upgrade to version R5.0.1a of the Lotus Domino SNMP Agents,
      available for download from the Lotus Knowledge Base on the IBM
      Support Web Site ( http://www-4.ibm.com/software/lotus/support/).
      Please refer to Document #191059, "Lotus Domino SNMP Agents R5.0.1a",
      also in the Lotus Knowledge Base, for more details.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies Affected

Notified:  January 15, 2002 Updated: February 21, 2002

Status

Affected

Vendor Statement

Lucent is aware of reports that there is a vulnerability in certain implementations of the SNMP (Simple Network Management Protocol) code.

As soon as we were notified by CERT, we began assessing our product portfolio and notifying customers with products that might be affected.

Our 5ESS(R) switch and our optical portfolio were not affected. We have developed, tested, and deployed fixes for most of the impacted products, including our core and edge ATM switches and our edge and broadband access products. Fixes for the rest of the affected product portfolio will be available shortly.

Customers with questions about product vulnerability and/or the status of fixes for affected products should log in to the customer support section of the Lucent web site at http://www.lucent.com. Customers who need help registering for the web site should talk to their Lucent customer teams

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MG-SOFT Corporation Affected

Notified:  January 09, 2002 Updated: February 14, 2002

Status

Affected

Vendor Statement

MG-SOFT is currently performing detailed verification of the SNMP (SNMPv1, SNMPv2c and SNMPv3) engine implementation.

So far we have noticed that our WinSNMP implementation, the core of all our SNMP products, is vulnerable only in one case. We will post fixed versions of all affected MG-SOFT's SNMP products in few days, on our web site at http://www.mg-soft.com/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc. Affected

Updated:  March 05, 2002

Status

Affected

Vendor Statement

      The ucd-snmp package from Conectiva Linux 5.0, 5.1, 6.0, 7.0, "ferramentas
      grฟicas" and "ecommerce" are affected by this vulnerability. Previous
      Conectiva Linux are also affected, but they are no longer supported and no
      update will be provided for them.

      New packages will be provided shortly and will be announced to our mailing
      lists and updates website ( http://distro.conectiva.com.br/atualizacoes/).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Marconi Affected

Notified:  December 19, 2001 Updated: January 14, 2002

Status

Affected

Vendor Statement

Marconi supplies a broad range of telecommunications and related products, some of which are affected by the SNMP vulnerabilities identified here. The manner in which they are affected and the actions required (if any) to avoid being impacted by exploitation of these vulnerabilities, vary from product to product. Those Marconi customers with support entitlement may contact the appropriate Technical Assistance Center (TAC) for additional information. Those not under support entitlement may contact their sales representative.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mercury Interactive Corporation Affected

Updated:  September 23, 2002

Status

Affected

Vendor Statement

      Of the Mercury Interactive products, both Topaz and SiteScope have the capability to listen to SNMP traps. In both cases this capability is not installed by default. In order to eliminate any vulnerabilities we have taken the necessary steps to verify that our products are immune to the issues mentioned in the advisory.

      The SiteScope product version 7.5 and onwards, uses Cyberons for Java from Netaphor Software Inc., with the latest patches. These libraries are immune to the issues mentioned in the advisory. More information about this can be found at http://www.netaphor.com/Products/CERTAdvisory.html The Topaz product version 4.1 and onwards, uses the SNMP++ libraries by Agent++, at version 3.1.4b or later. These libraries are immune to the issues mentioned in the advisory. More information about this can be found at http://www.agentpp.com/CERT_SNMPv1_Advisory/body_cert_snmpv1_advisory.html.

      Customers using these products, with the capability to listen to SNMP traps, are advised to upgrade to the appropriate version. Mercury Interactive also recommends considering one or more of the following solutions to minimize your network's potential exposure to these vulnerabilities:

      -Ingress filtering

      -Egress filtering

      -Filter SNMP traffic from non-authorized internal hosts

      -Change default community strings

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Metrobility Optical Systems Affected

Notified:  January 11, 2002 Updated: May 14, 2003

Status

Affected

Vendor Statement

Metrobility Optical Systems has identified some of the vulnerability outlined in CERT Advisory CA-2002-03 and is addressing the issue. A technical advisory has been released. Please go to the following web site for information: http://www.metrobility.com/support/cert.htm.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Micromuse Affected

Notified:  January 18, 2002 Updated: February 15, 2002

Status

Affected

Vendor Statement

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation Affected

Notified:  October 10, 2001 Updated: February 13, 2002

Status

Affected

Vendor Statement

The following documents regarding this vulnerability are available from Microsoft:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Monfox LLC Affected

Updated:  March 04, 2002

Status

Affected

Vendor Statement

      Monfox has completed testing of our Java DynamicSNMP(TM) Agent and Manager
      Development Toolkits in accordance with advisory CA-2002-03. Releases of
      DynamicSNMP prior to Version 3_3_2 are susceptible to 3 of the test cases
      under certain conditions.

      A new release containing fixes for all known vulnerabilities is now
      available for download. We will provide patch releases for prior versions
      upon request in the event that any customer is not in the position to
      upgrade to the latest version.

      For more information, please feel free to contact Monfox by email at
      info@monfox.com or by phone at 678-771-4239.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multinet Affected

Notified:  October 17, 2001 Updated: December 19, 2001

Status

Affected

Vendor Statement

MultiNet and TCPware customers should contact Process Software to check for the availability of patches for this issue. A couple of minor problems were found and fixed, but there is no security risk related to the SNMP code included with either product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation Affected

Notified:  January 02, 2001 Updated: March 28, 2002

Status

Affected

Vendor Statement

      updated on March 28, 2002

      [Server Products]

      * EWS/UP 48 Series
          - OS's of all versions are vulnerable.
          - SNMP should be off, if not necessary.
          - The patches are available through anonymous FTP from:
                            FTP server: ftp.biglobe.ne.jp
                            directory:  ~ftp/pub/48pub/security/
            Please refer to the README file in the directory.
          - Detail information in Japanese is at:
            < http://www.mid.comp.nec.co.jp/48info/48patch/ca200203snmpd.html>

      [Software Products]

      * Network management system:
          + ESMPRO/ServerManager, ESMPRO Manager
              - is vulnerable.
              - The patch will be available in the end of March.
              - Detail information in Japanese is at:
                < http://www.express.nec.co.jp/care/Security/snmp58.html>

          + ESMPRO/ClientManager(MG), ESMPRO/ClientManager SmallBusiness Pack
              - is vulnerable.
              - The patch will be produced.

          + ESMPRO/Netvisor
              - is vulnerable.
              - The patch will be produced.

          + SystemScope/UXServerManager (Viewer,WindowsMG)
              - is vulnerable.
              - The patch will be produced.

          + OpenDiosa/OPBASE Base Manager-L (Windows version)
              - is vulnerable.
              - The patch will be produced.

      [Router Products]

      * Octpower Series
                 IP8800/700 Series (710,720,730,735,740,750)
                 IP8800/600 Series (610,620MM,620SM,620SS,630)
                 ES8800/1700 Series (1711,1712,1720,1730)
                 MegaAccessRouter Series (MA25UX/4EMA155MX/4EMA155SX/4E)
                 MegaAccess Series (MA25LU/4EMA155LM/4EMA155LS/4E)
                 SH380/200
          - are vulnerable.
          - The patch is available at:
             < http://www.octpower.nec.co.jp/download/index.html>
          - Detail information in Japanese is at:
             < http://www.octpower.nec.co.jp/news/snmp.html>

      * CX5200 Series (CX5220,CX5210)
        CX4200 Series (CX4220,CX4210)
          - are vulnerable.
          - To get fixed software, please contact to:
             <mailto: BQOS@ipnw.jp.nec.com>
          - More information (in Japanese):
             < http://www1.ias.biglobe.ne.jp/IPNW/BQOS/whatsnew.html>

      [VoIP GW/RAS Products]

      * CX3200
          - is vulnerable.
          - To get fixed software, please contact to:
             <mailto: BQOS@ipnw.jp.nec.com>
          - More information (in Japanese):
             < http://www1.ias.biglobe.ne.jp/IPNW/BQOS/whatsnew.html>

      [Other Network Equipment Products]

      [Devices and other products]

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NET-SNMP Affected

Notified:  October 16, 2001 Updated: February 16, 2002

Status

Affected

Vendor Statement

All ucd-snmp version prior to 4.2.2 are susceptible to this vulnerability and users of versions prior to version 4.2.2 are encouraged to upgrade their software as soon as possible ( http://www.net-snmp.org/download/ ).  Version 4.2.2 and higher are not susceptible.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC is currently investigating reports that snmptrapd in UCD-SNMP version 4.2.2 may be vulnerable to at least one of the issues discussed in CA-2002-03.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NETWORK HARMONi Inc. Affected

Updated:  March 20, 2002

Status

Affected

Vendor Statement

      Network Harmoni's response to CERT Advisory CA-2002-03
      The CERT/CC is part of the Networked Systems Survivability (NSS)
      Program at the Software Engineering Institute (SEI), Carnegie Mellon
      University. The primary goal of the NSS Program is to ensure that
      appropriate technology and systems management practices are used to
      resist attacks on networked systems and to limit damage and ensure
      continuity of critical services in spite of successful attacks.
      On February 12th, 2002, CERT issued two advisories that warn of
      problems that could arise as the result of improper handling of
      malformed packets by applications using SNMP protocols.  The Oulu
      University Secure Programming Group (OUSPG) had discovered that
      improperly formed packets in the form of trap messages to SMNP
      managers and request messages to SNMP agents had caused problems in a
      number of SNMP based products.  A list of vendors, with products
      based on SNMP, was compiled by CERT, and they were notified directly
      along with the press and analyst community covering the Network
      Management space.

      Once we were notified of the situation, we immediately began
      regression testing our agent software against the entire Protos Test
      Suite: c06-snmpv1 used by Oulu University to discover these two
      packet handling vulnerabilities.  Because we are not currently
      offering products that accept trap messages, testing was focused on
      the ability of our SNMP agents to handle malformed SNMP requests
      without incident.  It was discovered through our testing that both
      RMONplus and SLAplus are potentially vulnerable to this method of
      disruption and will exhibit unpredictable behavior as a result of
      running this test suite. Rather than issue a patch, we have made
      modification to both versions of our agent to correct this problem.
      Customers concerned about vulnerabilities related to CERT Advisory
      CA-2002-03 should contact NETWORK HARMONi at
      support@networkharmoni.com for a new build.

      Current status (Wednesday 2/20/2002 4:00 PM):
      RMONplus & SLAplus (Builds 232 and above)
      Sun Solaris - Passed All tests
      Windows XP - Passed All tests
      Windows 2000 - Passed All tests
      Windows NT - Passed All tests
      HP-UX - Passed All tests
      IBM AIX - Passed All tests
      Linux - Passed All tests

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nbase-Xyplex Affected

Notified:  January 10, 2002 Updated: March 06, 2002

Status

Affected

Vendor Statement

iTouch Communications, Inc. formerly Nbase-Xyplex

iTouch Communications has confirmed that the following tests failed
(software crash) in the MX and InReach Series run-time image Xpcsrv20.sys
version 6.3 and NEMC_IR.SYS version 3.0 and earlier:

1. APP tests, 10545 and 10549
2. ENC tests 878,7643,7686,7687,7688,13358 & 13486

These issues were fixed in Xpcsrv20.sys version 6.3s15 and
NEMC_IR.SYS version 3.0s1 and now they are fully compliant with the SNMP
vulnerability CERT tests.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetScout Systems Inc. Affected

Updated:  March 26, 2002

Status

Affected

Vendor Statement

      NetScout has determined that some of its products were affected by the warning issued by the CERT Coordination Center of vulnerabilities in the processing of Simple Network Management Protocol (SNMP) messages.  As a result, we have implemented patches, that protect our customers from a potential attack.. 
      NetScout customers can obtain necessary patches by going to the Software Download area on our Web site at www.netscout.com/support.  The patches are found in a directory named “SNMP Security Patch.”  Please contact Customer Support if you require assistance.

      It is important to note that the NetScout probes are passive devices and as such pose no risk to the network if compromised by an attack exploiting these vulnerabilities.

      In an effort to help our customers minimize the risk of this vulnerability to other SNMP enabled devices, NetScout has provided instructions on how our products can be used to help defend against attacks.  These instructions are available on our Web site at http://www.netscout.com/support/alert.htm.


      If you have further questions regarding the SNMP vulnerabilities warning, please contact Customer Support at 1-888-357-7667, or 1-978-614-4370 for assistance.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetSilicon Inc. Affected

Notified:  January 11, 2002 Updated: March 06, 2002

Status

Affected

Vendor Statement

      The PROTOS c-06-SNMPv1 test suite provides evidence that the NetSilicon Softworks SNMP v1/v2/v3 agent Release 2 is not susceptible to the vulnerabilities described in this alert. Existing customers, with support agreements, using Release 1 of the agent can receive a free upgrade to Release 2 via the customer support link of the NetSilicon Softworks web site at http://www.netsilicon.com/Sftwrks/Support/helpdesk.asp.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Netscape Communications Corporation Affected

Updated:  February 12, 2002

Status

Affected

Vendor Statement

      Netscape continues to be committed to maintaining a
      high level of quality in our software and service offerings.
      Part of this commitment includes prompt response to
      security issues discovered by organizations such as the
      CERT® Coordination Center.

      According to a recent CERT/CC advisory,
      The Oulu University Secure Programming Group (OUSPG)
      has reported numerous vulnerabilities
      in multiple vendor SNMPv1 implementations.
      These vulnerabilities may allow unauthorized
      privileged access, denial of service attacks, or unstable behavior.

      We have carefully examined the reported findings, performing
      the tests suggested by the OUSPG to determine whether
      Netscape server products were subject to these vulnerabilities.
      It was determined that several products fell into this category.
      As a result, we have created fixes which will resolve the issues,
      and these fixes will appear in future releases of our product line.
      To Netscape's knowledge, there are no known instances of these
      vulnerabilities being exploited and no customers have been affected to date.

      When such security warnings are issued, Netscape has committed to
      - and will continue to commit to - resolving these issues in a prompt and
      timely fashion, ensuring that our customers receive products of the highest
      quality and security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Appliance Affected

Updated:  March 07, 2002

Status

Affected

Vendor Statement

      Information about the vulnerability of our systems has been posted on our
      primary support site: NOW (http://now.netapp.com ). The following field alert
      has also been issued to our customers:
      Field Alert # 120: CERT Advisory CA-2002-03: SNMP Vulnerabilities

      Testing shows some NetApp products will be affected by some of the issues
      listed in the CERT Advisory.
      Please note that NetCache appliances are only vulnerable if the attack comes
      from a trusted host.

      The following appliances will PANIC when under attack: F85, F87, F820, F840,
      F880, C1100 series, C3100, C6100. The following appliances were not observed
      to panic, but they may still be vulnerable to attack: F720, F740, F760,
      C720, C760. Information about the bug associated with this vulnerability can
      be found in Bugs Online area of NOW (http://now.netapp.com ).

      What happens when a filer/cache is hit by these cases?

      The NetApp system will PANIC with a PANIC string similar to the following:

      PANIC: Protection Fault accessing address 0x00000001 from EIP 0x5f02c9 in
      process snmpd on release NetApp Release Rxxxxxxxx on Wed Feb 13 02:19:14
      2002

      What releases have the fix for this issue?

      Patches have been built for the following OS levels:

      Data ONTAP 5.3.7R3 - Patch is 5.3.7R3D12
      Data ONTAP 6.1.1R2 - Patch is 6.1.1R2D16
      Data ONTAP 6.1.2R1 - Patch is 6.1.2R1D4
      NetCache 5.1 - Patch is 5.1R2D22
      NetCache 5.2.1 - Patch is 5.2.1R1D2

      The patches for both Data ONTAP and NetCache are available on the NOW site.

      What will I see if someone attempts to attack my machine and I have
      installed an OS with the fix?

      You will see a message similar to the following in the messages log and the
      filer or NetCache will continue to function normally.

      Wed Feb 13 21:57:56 GMT [snmpd:warning]: SNMP detected possible buffer
      overflow attempt, skipping request

      For more information visit http://now.netapp.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks, Inc. Affected

Notified:  August 02, 2001 Updated: February 22, 2002

Status

Affected

Vendor Statement

      Nortel Networks is cooperating to the fullest extent with the CERT Coordination Center and customers that potentially could be affected and other companies within the networking industry to assess, address, and resolve the situation.

      For specific information on Nortel Networks response to CERT Bulletin CA-2002-03, please visit our web site http://www.nortelnetworks.com/corporate/technology/snpmv1.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc. Affected

Notified:  September 22, 2001 Updated: March 04, 2002

Status

Affected

Vendor Statement

      Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x
      and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on
      NetWare are fixed and available for download. The TID (Technical
      Information Document) number is 2961546, it can be obtained from the
      url http://support.novell.com/servlet/tidfinder/2961546.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NuDesign Team Inc. Affected

Notified:  January 11, 2002 Updated: July 27, 2004

Status

Affected

Vendor Statement

NuDesign Team, Inc. is a vendor of SNMP Management and Agent software solutions. We have tested our products and identified vulnerabilities identified by VU#854306, VU#107186, and OUSPG#0100 advisories with our SNMP Agent and SNMP Trap receiving products. We have applied required corrections, new versions of NuDesign products have completed the regression

test cycle and have been made available to our customers on Feb 18, 2002.

For additional information please contact NuDesign Team, Inc. at 416 737 0328 or visit www.NuDesignTeam.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwave Systems Inc. Affected

Updated:  February 21, 2002

Status

Affected

Vendor Statement

      Openwave Systems Inc. ackowledges the potential of SNMP vulnerabilities
      described in [VU#107186 and VU#854306].  Openwave embeds SNMP
      in their messaging products for the purpose of internal measuring and
      monitoring of the messaging system.  The vulnerabilities listed above can
      cause denial of service of the SNMP service when specific malformed packets
      are delivered, but since most customers do not allow SNMP traffic
      through their firewall, and only utilize SNMP inside their firewall for
      the purpose of internal monitoring, they should be immune
      to the SNMP vulnerabilities listed above.  Even if SNMP traffic
      is allowed through the firewall, or no firewall is employed, the SNMP
      vulnerabilities above can at most cause denial of service of the SNMP
      services and cannot cause either unprivleged access or denial of service
      of the messaging products themselves.

      A patch will be made available by Openwave to address the SNMP
      vulnerabilities.  Customers can determine if a patch is needed
      by inspecting their version of snmpdm via the following command:
       
      % ./snmpdm -d


      Versions which are 15.3.1.7 or greater have no vulnerability.  Customers
      who require upgrades to their version of snmpdm should contact their Openwave
      Technical Support representative for availability of a patch on their
      specific product line.

      Some customers additionally use a toolkit delivered by Openwave
      called the "TACPAC".  This toolkit contains a utility called
      snmptrapd which is also vulnerable to the SNMP issues mentioned
      above.  Customers who use this tool are encouraged to
      contact their Openwave Technical Support representative to obtain
      a new version of the tool which removes the vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Optical Access Affected

Updated:  February 26, 2002

Status

Affected

Vendor Statement

      Following the release of vulnerability notes VU#107186 and VU#854306, our
      company OpicalAccess has two product lines of switches and routers with SNMP
      agent implementations : OptiSwitch and OptiSwitch Master.

      Optical Access tested the SNMP agents of our OptiSwitch product line with
      the original Oulu university test patterns and found them not vulnerable.

      The OptiSwitch Master product line uses UCD-SNMP version that was found to
      be vulnerable. UCD-SNMP version that includes the patch for the reported
      vulnerabilities will be integrated into the next major release. Until then,
      The use of ACL for management sessions feature can signifficantly reduce the
      risk ( without compromising performance).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Oracle Corporation Affected

Notified:  October 17, 2001 Updated: March 07, 2002

Status

Affected

Vendor Statement

      Oracle Security Alert #30
      Dated: 5 March , 2002
      SNMP Vulnerability in Oracle Enterprise Manager, Master_Peer Agent

      Description

      A potential security vulnerability has been discovered in the Oracle Enterprise Manager (EM)
      SNMP monitoring capability for Oracle Database that may result in a potential Denial of Service
      (DoS) attack against EM’s “master_peer” agent.

      EM is comprised primarily of two driver programs, the “Intelligent Agent” that performs core EM
      functionality and the “master_peer” agent that provides monitoring capability for EM when SNMP
      is being used.

      This potential security vulnerability can manifest only when the SNMP monitoring feature is used
      in addition to the default functionality provided by EM. The “master_peer” agent of EM, which
      provides the SNMP monitoring capability, is vulnerable to ill-formed SNMP requests that render it
      unable to respond to further SNMP requests or send unsolicited SNMP messages.

      Note: The "Intelligent Agent" is not affected by this potential security vulnerability. Therefore,
      EM’s core functionality such as job submission, event registration, notifications, etc. is not
      affected.

      Products affected

      EM Releases 1.6.5, 2.0, 2.1, 2.2, 9.0.1 running on (or “included with”):
      - Oracle7 Database, Release 7.3.x
      - Oracle8 Database, Releases 8.0.x
      - Oracle8i Database, Releases 8.1.x
      - Oracle9i Database, Release 9.0.1.x

      Platforms affected
      Windows and all Unix platforms that support SNMP variants except for IBM AIX.

      Workarounds
      There are no workarounds to protect against the SNMP vulnerability.

      Patch Information
      Oracle has fixed the potential vulnerability identified above in patch/bug fix number 2224724.
      Patches will be available only for supported releases of EM and Oracle Database on all platforms
      that require a patch.

      Download currently available patches for your platform from Oracle’ s Worldwide Support web
      site, Metalink, http://metalink.oracle.com . Activate the "Patches" button to get to the patches Web
      page. Enter the patch/bug fix number indicated above and activate the "Submit" button.

      Please check Metalink and/or with Oracle Worldwide Support periodically for patch availability if
      the patch for your platform is not yet available.

      Oracle strongly recommends that you comprehensively test the stability of your system upon
      application of any patch prior to deleting any of the original file(s) that are replaced by the patch.

      Credits

      Oracle Corporation thanks CERT of Carnegie Mellon University’s Software Engineering Institute
      for bringing this potential security vulnerability to Oracle’s attention.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Outback Resource Group Inc. Affected

Updated:  April 24, 2002

Status

Affected

Vendor Statement

      OutBack Resource Group, Inc.

      OutBack Resource Group, Inc. acknowledges the potential of SNMP
      vulnerabilities as identified in the following CERT advisories:

      VU#854306 - Multiple vulnerabilities in SNMPv1 request handling
      VU#107186 - Multiple vulnerabilities in SNMPv1 trap handling

      OutBack has investigated how these vulnerabilities may impact
      OutBack's jSNMP Enterprise product and has determined the following:

      VU#854306 - This advisory is not applicable to jSNMP, because jSNMP
      does not accept or process SNMP Get, Set, or GetNext PDUs; rather,
      jSNMP sends those requests to SNMP agents and processes subsequent
      responses.

      VU#107186 - jSNMP v3.2 passed the 24,098 applicable tests in the
      PROTOS c06-snmpv1 test suite.  jSNMP v3.1 failed only one test with
      undesirable behavior.  No consequences, other than potential
      denial-of-service, are known.  There have been no reported instances
      of this vulnerability being exploited in the jSNMP product.

      We recommend that our customers upgrade to the latest available
      version of jSNMP.

      Up-to-date information is available at www.outbackinc.com or
      support@outbackinc.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Perle Systems Ltd Affected

Notified:  January 11, 2002 Updated: February 26, 2002

Status

Affected

Vendor Statement

      With regard to CERT Advisory CA-2002-03, it has been recognized by Perle
      Systems that specific Perle products may be exposed to these SNMP
      vulnerabilities.  Perle is addressing these vulnerabilities across all
      affected product lines and has released an advisory and solution guide
      at:  http://www.perle.com/support/snmp_advisory.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Powerware Corporation Affected

Updated:  March 07, 2002

Status

Affected

Vendor Statement

      Powerware Corporation notice regarding CERT SNMP Vulnerability Announcement
      and popular Powerware Connectivity Devices

      Most  customers  operate  firewalls  that block externally originating SNMP
      traffic,  and  further, detect and prevent Denial of Service attacks. It is
      these devices that constitute a main focal point of SNMP concern since they
      represent the vanguard of your network.

      Based  upon  SNMP  blocking  and  ingress/egress  filtering,  any  possible
      potential  security  vulnerability  may only be exploited by users who have
      access to your local security domain, therefore the risk is diminished.

      Testing has revealed the following:

      Powerware, to date, knows of no SNMP-related security issues with its
      legacy, internal and external, ConnectUPS SNMP cards. Testing with the
      ConnectUPS and BestLink SNMP/Web Card has revealed that the card can, under
      direct attack, cease to respond to further network requests. This resulting
      behavior does not affect the operation of the underlying UPS. A firmware
      patch will be available on the Powerware web site shortly
      (www.powerware.com).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Radware Affected

Updated:  March 22, 2002

Status

Affected

Vendor Statement

      Radware has assessed its SNMP based products against the vulnerabilities identified in CERT Advisory CA-2002-03. The following table identifies by product the currently available software maintenance releases that include the fix for the SNMP vulnerabilities:


ProductRelease (HW Platforms)
WSD6.18.02 (H, C)
7.10.08 (AS2, AS1, H, C)
7.20.02 (AS1, H)
7.21.02 (AS2, AS1)
CSD3.30.02 (AS2, AS1)
3.40.01 (AS2, AS1)
FP2.20.09 (AS1, H, C)
LP3.20.09 (AS1, H, C)
CertainT 1002.20.00 (Model A, Model B)
      Radware customers can download this software from the following link:Radware Channel Partners can download this software from the following link:For upgrades within the same feature release, e.g. WSD 7.10.07 to WSD 7.10.08, software passwords are not needed.

      For upgrades to a new feature release, e.g. WSD 7.10.07 to WSD 7.21.02, a software password is needed and can be obtained by contacting Radware technical support at support@radware.com. The unit must be covered by an active support agreement to obtain a password for a feature release upgrade. Additional requirements, e.g. minimum Boot ROM software version, may exist. Software upgrade instructions can be found at the following link:

      Anyone who does not have access to the restricted areas of the Radware web site or has any other questions regarding these maintenance releases and the upgrade process, can contact Radware Technical Support at support@radware.com for assistance.

      At all times, Radware recommends taking the following standard security precautions:

        • Disable all remote management access through all unnecessary interfaces using the SNMP or Management Ports Table feature, depending on the specific software release in use.
        • If possible, limit all remote management access to a physically separate port that is connected to a secure management segment.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc. Affected

Updated:  January 08, 2002

Status

Affected

Vendor Statement

RedHat has released a security advisiory at

http://www.redhat.com/support/errata/RHSA-2001-163.html

with updated versions of the ucd-snmp package for all supported releases and
architectures. For more information or to download the update please visit this
page.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Redback Networks Inc. Affected

Updated:  February 26, 2002

Status

Affected

Vendor Statement

      Redback Networks, Inc. has identified that the vulnerability described
      in CA-2002-03 may affect its products.  To that end Redback has been
      providing security workarounds to protect existing installations and
      will issue software patches to provide a conclusive solution to the
      problem. The SmartEdge Transport product line is unaffected by this
      vulnerability. Customers should contact Redback Networks Technical
      Assistance Center [Domestic TAC number (877) 733 2225; International TAC
      number is 31-104987777; Web:
      www.redback.com/support ] for more
      information and workarounds.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Riverstone Networks Affected

Updated:  February 21, 2002

Status

Affected

Vendor Statement

      The Riverstone product line is, under certain circumstances,
      vulnerable tosome of the SNMP issues described in CERT's VU#854306 (advisory
      CA-2002-03). Based on current testing the assessment is that the risk to an
      operational network is low. Patch releases 7.0.2.6 and 8.0.3.3 will correct these
      vulnerabilities.

      Please, implement the following workarounds until these patches are made
      available:

         - create access control lists to allow only trusted management stations
           to access the router.
         - create an exclusive management VLAN to manage the router.
         - manage the router through its ethernet management interface.
         or
         - disable SNMP

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SNMP Research Affected

Notified:  October 18, 2001 Updated: February 12, 2002

Status

Affected

Vendor Statement

The most recent releases (15.3.1.7 and above) of all SNMP Research products address the vulnerabilities identified in the following CERT vulnerability advisories:


    VU#854306 (Multiple vulnerabilities in SNMPv1 request handling)
    VU#107186 (Multiple vulnerabilities in SNMPv1 trap handling)

A few of the malformed packets sent in these tests result in out of bound array references in allocated memory and minor memory leaks. No consequences, other than potential denial of service on some platforms, are known.

All customers who maintain a support contract have received either the new release or the appropriate patch sets to their 15.3.1.1 and later source code releases addressing these vulnerabilities. Users maintaining earlier releases should update to the current release if they have not already done so. Up-to-date information is available from .

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sniffer Technologies Affected

Updated:  March 07, 2002

Status

Affected

Vendor Statement

      SNMP Request and Trap Handling Security Advisory
      Revision 1.0
      Release Date: 03/01/02

      Sniffer Technologies has prepared this advisory regarding SNMP in
      Sniffer Technologies products.  This advisory contains specific
      instructions on how to disable these services where security may be an
      issue.

      An update regarding this issue will be sent to all Sniffer Technologies
      customers on Wednesday, March 13, 2002.  The Sniffer Technologies team
      is working diligently to fully resolve this issue.  If you have further
      questions in the interim, please contact technical support.

      What is the SNMP security risk?

      On February 12, 2002, The CERT Coordination Center issued a warning that
      a broad array of network equipment used on the Internet -- including
      switches, routers, hubs, printers and operating systems -- may be
      vulnerable to an SNMP-related attack that could cause equipment to fail
      or allow an attacker to take control of it. Though not mentioned on
      their list of vendors, our Sniffer Distributed product is another such
      device that may have this inherent SNMP vulnerability because of its
      RMON/SNMP capabilities.

      There are two areas in our product that can be affected by this security
      concern.

      1. The RMON/SNMP features of our Sniffer Distributed Appliance
      2. The Trap Capture application at our SniffView Console

      In both cases, these SNMP commands can be disabled on our product if not
      in use.

      Can I avoid using these features in the Sniffer Distributed Product
      without affecting the capabilities of the Sniffer Product?

      Yes, you can disable the SNMP/RMON capabilities of the product and
      utilize our proprietary method of logging network statistics and Expert
      Symptom and Diagnosis to disk for reporting with Reporter and/or Sniffer
      Watch.  This method does not utilize SNMP and therefore is not
      susceptible to the SNMP vulnerability.  You will still have the same
      statistics and reports that are available using the SNMP/RMON features
      of the product, with the addition of the Expert Symptoms and Diagnosis
      which are unique to our method of logging and reporting.

      How do I turn off these SNMP capabilities in the product?

      Turning off SNMP at the Sniffer Distributed Appliance:
      By default, the SNMP and RMON features of the Sniffer Distributed
      Appliance are enabled.  To turn off these features, follow the
      procedures below.

      1. Either Start Probe Viewer at the Sniffer Distributed Appliance, or
      "Configure" an Agent from your SniffView Console.
      2. Select the SNMP tab.
      3. Disable SNMP Trap
      4. Disable SNMP/RMON.
      5. Restart the Sniffer Distributed Appliance for changes to take effect.

      Turning off the SNMP Trap Capture at the SniffView Console:

      By default, when you install the SniffView Console a program called Trap
      Capture automatically gets installed and runs in the background.   This
      program can accept SNMP Traps from Sniffer Distributed Appliances as
      well as other SNMP devices.  Follow the procedures below to turn it off:

      1. Start the SniffView Alarm Manager.
      2. Select Toggle Trap capture.  The Trap capture program will be
      disabled. However, if you reboot the PC the SniffView Console is running
      on it will turn itself back on.  Therefore you must remember to disable
      it again.

      Will these features be disabled in the future?

      Yes, the SNMP/RMON features of the product will be disabled by default
      starting with the Sniffer Distributed v4.1 (with Support for Web
      Console) version.

      What if I require these features?

      If you require these features then there are a few steps that you can
      take to protect yourself from this security concern.

      1.    Under the SNMP Tab (see above) Change Community name from "public" to
      something else.
      2.    Using routers and/or firewalls, control SNMP access to the Sniffer
      Distributed Appliances or SniffView Console to ensure the traffic
      originates from known management systems and addresses.
      3.    Filter SNMP services at your network perimeter (ingress/egress
      filtering).
      4.    Segregate network management traffic onto a separate network. (i.e. a
      VPN) Refer to CERT advisory CA-2002-03
      (http://www.cert.org/advisories/CA-2002-03.html) for more details and
      the most recent information regarding recommended solutions.

      How will this security concern affect my network?

      This issue has the potential to create a denial of service attack. An
      attacker sending bogus SNMP requests and traps could flood the Sniffer
      Distributed Appliance and/or SniffView console running the Trap Capture
      application.  This might cause the system to hang and may require a
      reboot.

      An attacker should not be able to configure or take control of either
      the Sniffer Distributed Appliance or the SniffView Console.

      Has anyone reported an exploitation of this vulnerability on a Sniffer
      Distributed system?

      No.


      Have we notified CERT of our concern?

      Yes

      Where can I find out more information regarding this security concern?
      For more information regarding this vulnerability please refer to the
      following URLs on CERT's web site:
      http://www.cert.org/advisories/CA-2002-03.html
      http://www.cert.org/tech_tips/snmp_faq.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SonicWALL INC. Affected

Updated:  February 25, 2002

Status

Affected

Vendor Statement

      SonicWALL has tested its products in response to CERT® Advisory
      CA-2002-03 "Multiple Vulnerabilities in Many Implementations of the
      Simple Network Management Protocol (SNMP)," SonicWALL's has found NO
      evidence of any SNMP vulnerabilities in any SonicWALL Firewall/VPN
      appliance or Red Creek 3VPN appliances. No updates are required to
      maintain the integrity of these products.

      SonicWALL acknowledges the potential of SNMP vulnerabilities in its SSL
      offloader products and is currently working to address any potential
      security issues. However, exposure to vulnerability is extremely low due
      to the nature of the typical SSL Offloader network configuration.
      Because the SSL Offloader is located within a secure network
      environment, rather than at the network perimeter, the only opportunity
      for attack would be internal. Customers can eliminate the risk by
      temporarily disabling the SNMP sub-system.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sonus Networks Affected

Updated:  February 26, 2002

Status

Affected

Vendor Statement

      Since the release of CERT Advisory CA-2002-03, Sonus Networks has
      reviewed its product offering and determined a potential issue may exist within
      its management offering.

      The Sonus PSX6000, SGX2000, and Insight products utilize SNMP Research
      software in the SONScia package that has been identified by its vendor
      as possibly vulnerable to the exploit.  Sonus product versions 3.2.x,
      3.3.x, and 3.4.x all have the affected SONScia package.  The issue has been
      resolved in the upcoming 4.0 versions of the PSX6000, SGX2000, and
      Insight products and concerned customers are advised to upgrade as the software
      becomes available. 

      Sonus PSX6000, SGX2000, and Insight products run on top of Sun
      Microsystems's Solaris operating environment (versions 2.6 and 2.8). 
      Sun Microsystems has identified these operating environments as vulnerable
      to the exploit IF they are started or used. Given that Sonus Networks
      software neither starts nor uses the process in question, snmpdx, Sonus products
      are not vulnerable to the exploit through this Solaris process.

      The Sonus GSX9000 does not use the same third party software as other
      products from Sonus Networks and at this time we have not found any problems
      relating to its SNMP operation.  Negative testing is a routine portion of
      GSX9000 SQA and to date has not shown any undesired results.  We have recently
      tested the GSX9000 with OUSPG's PROTOS c06-snmpv1 test suite and those tests
      passed successfully. 

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Stonesoft Affected

Notified:  January 04, 2002 Updated: March 06, 2002

Status

Affected

Vendor Statement

Stonesoft's StoneGate product does not include an SNMP agent, and is therefore not vulnerable to this. Other Stonesoft's products are still under investigation. As further information becomes available, additional advisories will be available at http://www.stonesoft.com/support/techcenter/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems, Inc. Affected

Notified:  October 17, 2001 Updated: October 27, 2003

Status

Affected

Vendor Statement

Sun's SNMP product, Solstice Enterprise Agents (SEA) is affected by VU#854306 but not VU#107186. More specifically the main agent of SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. Sun has released Security Bulletin #00215.

Sun Security Bulletins are available from:


Sun patches are available from:

Sun products which utilize SNMP are listed in the following SunAlert along with their vulnerability status:

Products listed with a vulnerability status of "Under Investigation" will be updated as soon as more information becomes available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Symantec Corporation Affected

Notified:  January 11, 2002 Updated: April 01, 2003

Status

Affected

Vendor Statement

      Symantec verified that the snmptrap.exe on the Intruder Alert (ITA) 3.6 agent, if configured to accept SNMP traps from Symantec NetProwler, is susceptible to a communications Denial of Service when the PROTOS test suite is directed against it. The communicator service will be halted, the halt will be logged and the service requires a restart to reinitiate communications.

      This should be a very low risk issue to Symantec ITA customers. The snmptrap.exe module is loaded on an ITA agent machine. Depending on customer configuration if the snmptrap module is loaded on an ITA agent located on the internal network of the company then the collector is only vulnerable to an internal attack as long as the firewall rule set blocks snmptrap communications through the firewall.

      The functionality of the snmptrap.exe allows smooth integrated alert management of both NIDS and HIDS from a single administrator console. Halting the communicator module disrupts the integrated communications only. Both the NetProwler and the ITA IDS systems continue to fuction normally but will require monitoring from separate consoles until the communicator service is restarted.

      Symantec takes any product issue such as this very seriously. We have developed a patch for Symantec ITA 3.6 that addresses this problem. The patch is available to Symantec ITA 3.6 customers from the Symantec customer ITA ftp download site as ITA3_6Patch1/061302/. There is a patch for both domestic and international releases.

      Please contact supportsolutions@symantec.com for questions on product upgrades.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO Unix) Affected

Notified:  October 17, 2001 Updated: September 13, 2002

Status

Affected

Vendor Statement

Caldera International, Inc. has reproduced faulty behavior in Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX 8. We have coded a software fix for supported versions of Caldera UnixWare 7 and Caldera Open UNIX 8 that will be available from our support site at http://stage.caldera.com/support/security immediately following the publication of this CERT announcement. A fix for supported versions of OpenServer 5 will be available at a later date.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Tivoli Systems Affected

Notified:  October 17, 2001 Updated: April 03, 2002

Status

Affected

Vendor Statement

      Introduction

      This document serves as an update regarding the current status of Tivoli/IBM products’ implementation of Simple Network Management Protocol (SNMP), Version 1, and the potential vulnerabilities related to the implementation.

      Tivoli has identified the following products that implement SNMP v1:

      §         Tivoli NetView for Unix

      §         Tivoli NetView for Windows

      §         Tivoli NetView Mid-Level Manager (MLM)

      §         Tivoli Comprehensive Network Address Translator (CNAT)

      §         Tivoli NetView for OS/390

      §         Tivoli Enterprise Console SNMP Adapter

      §         Tivoli Storage Network Manager

      §         Tivoli Risk Manager

      As an interim step, customers should be directed to secure their networks so as to prevent SNMP access from unknown sources.  The CERT advisory contains substantial information on this topic under the heading of “Ingress Filtering”.

      The following products have been identified for having the potential exposure:
      This information is current as of March 29, 2002.

      Identified Loss of Service
      The following products have been identified as containing issues that can result in loss of service:

      Tivoli NetView for Unix & Windows

      DETAILS

      Tivoli NetView for Unix & Tivoli NetView for Windows are vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

      STATUS

      A fix is available (See the section on 𠆏ix Locations’).

      Tivoli NetView Mid-Level Manager (MLM) Agent for Solaris, HPUX, Windows and AIX

      DETAILS

      The Tivoli NetView Mid-Level Manager (MLM) on Solaris, HPUX, Windows and AIX (Version 7.1 and earlier) is vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

      STATUS

      A fix is currently being tested and will be released.  (See the section on 𠆏ix Locations’).

      Tivoli Comprehensive Network Address Translator (CNAT)

      DETAILS

      This product is vulnerable to a temporary loss of service of the AIX system, which causes a loss of connectivity to the portion of the network relying on the CNAT system for NAT routing.

      STATUS

      A fix is currently being tested and will be released.  The fix will be available on this site (See the section on 𠆏ix Locations’).

      Tivoli NetView for OS/390 Version 1.2, 1.3, and 1.4 

      DETAILS:

      ABEND in E/AS (Event Automation Services) Trap-to-Alert adapter when Enterprise Object Identification (OID) is very large can occur.

      STATUS

      A fix is available.

      Tivoli Enterprise Console SNMP Adapter

      DETAILS

      The Tivoli Enterprise Console SNMP Adapter is vulnerable to a loss of service when subjected to certain SNMP get requests or traps.

      STATUS

      A fix is currently being tested and will be released.   

      Tivoli Risk Manager

      DETAILS

      The Tivoli Risk Manager utilizes the Tivoli Enterprise Console SNMP Adapter, which is vulnerable to a loss of service when subjected to certain SNMP get requests or traps as indicated in CA-2002-03.

      STATUS

      A fix is currently being tested and will be released.   

      Tivoli Storage Network Manager

      DETAILS

      This condition only affects TSNM's ability to monitor outband events via SNMP traps.  TSNM is capable of managing SANs via both outband mechanisms (SNMP queries to FC switches for topology discovery and receives SNMP traps for outband event detection) and inband mechanisms (managed hosts connected to the SAN via FC HBAs for topology and attribute discovery, and inband FC event detection).  Outband discovery, inband discovery, and inband event detection are not affected by this condition.

      STATUS

      This will be fixed in the next version of TSNM.

      PREVENTION

      In addition to the prevention noted above, customers should configure at least one Windows or SUN managed host per SAN to allow inband detection of SAN events.

      Fix Locations
      Service fixes to those products that have identified the issue will post the files in the following 2 locations:

      Web - http://www.tivoli.com/secure/support/documents/security/ca-2002-03.html

      FTP - ftp.tivoli.com/support/Support_Notes/SecurityBulletins/

      Questions
      For any questions, please contact your local call center or open a PMR through the online support page http://www.tivoli.com/support/reporting/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Toshiba International Corporation Affected

Notified:  January 15, 2002 Updated: April 16, 2002

Status

Affected

Vendor Statement

      Toshiba International Corporation
      SNMPv1 Request and Trap Handling Vulnerabilities

      This is in reference to the CERT Advisory CA 2002-03 regarding security vulnerabilities that may exist in network devices using SNMPv1 such as the TIC SNMP enabled product, RemotEye & RemotEyeII.

      Patches are being developed to repair these vulnerabilities. Please visit the RemotEyeII web site at http://RemotEye.Tic.Toshiba.com for the expected date for patch availability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisphere Networks Affected

Notified:  January 23, 2002 Updated: March 22, 2002

Status

Affected

Vendor Statement

      CUSTOMER SERVICE TECHNICAL BULLETIN

      SUBJECT: CERT Advisory CA-2002-03: Vulnerability in SNMP
      Implementation
      BULLETIN NUMBER: ERX_PSN-005
      BULLETIN TYPE: Product Support Notification
      AFFECTED PRODUCTS: ERX
      ISSUE DATE: 03/08/2002
      REVISION: 2.0

      PROBLEM DESCRIPTION:
      The CERT ® Coordination Center released an advisory on February 12,
      2002 entitled, "CERT ® Advisory CA-2002-03 Multiple Vulnerabilities
      in Many Implementations of the Simple Network Management Protocol
      (SNMP)". The URL for the full text of the advisory can be found at:

           http://www.cert.org/advisories/CA-2002-03.html

      AFFECTED PRODUCT(S):
      ERX 700/705/1400/1440

      SOLUTION:
      The following releases of software have been found to suffer no
      negative effects from execution of the PROTOS c06-SNMPv1 test suite
      authored by OUSPG, as outlined in CERT Advisory CA-2002-03:

           2-9-1p15-0
           2-10-1p1-0
           3-0-6p6-0
           3-2-3p1-0
           3-3-2p1-0
           3-4-0 REL

      Subsequent patches (e.g. 3-0-6p7-0 and greater) and maintenance
      releases (3-4-1) to those listed above have also tested successfully.
      All future releases will have been tested against PROTOS c06-SNMPv1
      as well. Earlier releases of software will experience higher than
      average SRP CPU utilization resulting in potential SNMP timeouts
      while the test suite is running, but recover immediately upon test
      completion. Packet forwarding during the test is not affected.
      Affected releases include:

           2-0-0  ­ 2-9-1p14-0
           2-10-0 ­ 2-10-1p0-3
           3-0-0  ­ 3-0-6p5-0
           3-1-0  ­ 3-1-0p2-0
           3-2-0  ­ 3-2-3
           3-3-0  ­ 3-3-2

      This Product Support Notification is publicly viewable on the Web at:

           http://support.unispherenetworks.com/websupport/CERT/erx_psn-005.pdf

      If you have any questions concerning this notice, or to obtain the
      latest patch release, please contact Unisphere Networks Customer
      Service.

           Inside the U.S. call: (800) 424-2344
           Outside the U.S. call: (978) 589-9000
           Via the Web @ http://support.unispherenetworks.com
           Via e-mail @ support@unispherenetworks.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Veritas SOFTWARE Affected

Updated:  April 24, 2002

Status

Affected

Vendor Statement

      Is VERITAS SANPoint Control affected by the Simple Network Management
      Protocol vulnerabilities cited in CERT Advisory CA-2002-03?


      TechNote ID: 245634 Last Updated: April 03 2002 01:37 AM GMT
      Email this document to a colleague

      Caution! The information in this TechNote is based upon certain
      assumptions, including product, operating system and platform
      versions. You can review this information in the
      TechNote Summary portion of this document.
      This document (245634) is provided subject to the disclaimer at the
      end of this document.


      ---------------------------------------------------------------------------------


      Symptom:

      Is VERITAS SANPoint Control affected by the Simple Network Management
      Protocol vulnerabilities cited in CERT Advisory CA-2002-03?


      Solution:


      On February 12, the CERT Coordination Center issued a CERT advisory
      citing vulnerabilities with multiple vendors Simple Network
      Management Protocol (SNMP) implementations. VERITAS SANPoint Control
      (SPC) was tested against the CERT SNMPv1 test suite and it was
      determined that SPC was affected by VU#107186 having to do with
      SNMPv1 Trap handling. If SPC is installed on a machine outside of a
      firewall, or inside of a firewall that does not properly block SNMP
      traffic, it could be open to a denial-of-service attack from the
      outside.



      This problem has been fixed in SPC 2.1.1. For information on how
      download the latest release, refer to technote 235218 (link in the
      Related sections of this TechNote).



      If it is not possible to upgrade, but you feel that your SPC hosts
      are at risk, then it will be necessary to disable SNMP traps which
      will affect SPC monitoring and reporting capabilities. Disabling
      traps will also affect some array monitoring that is done through
      traps and may slightly delay status notifications if hardware is
      being monitored through SNMP polls. For more information on SPC
      monitoring capabilities, refer to the Monitoring and Resolving
      Problems on the SAN guide in your SPC documentation set. To disable
      SNMP traps, modify the sal.conf file as shown here:



      [Exp.SNMPTRAP]

      DisableTrap=1



      In addition to disabling SNMP traps through the sal.conf file, it is
      also necessary to disable the VERITAS Trap Processor.

      On Windows:

      1. Go to Control Panel>Administrative Tools>Services

      2. Double-click on VERITAS Trap Service

      3. If the Service Status shows "Started", click the stop button.

      4. Change the Startup Type to Disabled

      5. Click OK



      On Solaris:

      Modify the /opt/VRTSspcs/vxspcs script as follows to keep the vxtrapd
      daemon from starting (location of this file may vary depending on the
      installation directory of the VRTSspcs package):



      start_trap ()

      {

      SAVEDIR=´pwd´

      # cd $BASE_DIR/VRTSspcs/trap/bin

      # ./vxtrapdstart.sh > /dev/null

      cd $SAVEDIR

      }



      For any additional information on CERT Advisory CA-2002-03, go to the
      following link: http://www.cert.org/advisories/CA-2002-03.html



      ----------------------------------------------------------------------------------
      TechNote Summary:
      TechNote Title: Is VERITAS SANPoint Control affected by the Simple
      Network Management Protocol vulnerabilities cited in CERT Advisory
      CA-2002-03?
      TechNote ID: 245634
      Last Updated: April 03 2002 01:37 AM GMT
      Related Documents: TechNote: 235218 - What is the latest version of
      VERITAS SANPoint Control?
      TechPDF: 242640 - VERITAS SANPoint Control 2.1 - Monitoring and
      Resolving Problems on the SAN with SANPoint Control 2.1

      This information in this TechNote applies to:
      Products: SANPoint Control (UNIX Platforms)    1.0, 1.0.1, 2.0,
      2.0.1, 2.1, 2.1.1
      SANPoint Control for Windows 2000

      Subject: SANPoint Control (UNIX Platforms) - Application -
      Informational

      Languages: English

      Operating Systems: Windows 2000 Professional    5.00.2195
      Windows 2000 Server    5.00.2195, 5.00.2195 SP 1, 5.00.2195 SP 2,
      Windows Powered, Windows Powered SP1, Windows Powered SP2
      Windows 2000 Advanced Server    5.00.2195, 5.00.2195 SP 1, 5.00.2195
      SP 2, Windows Powered, Windows Powered SP1, Windows Powered SP2
      Windows 2000 Datacenter Server    5.00.2195, 5.00.2195 SP 1,
      5.00.2195 SP 2
      Solaris    2.6, 7, 8
      Windows NT    4.0 Serv SP4, 4.0 Serv SP5, 4.0 Serv SP6a


      ----------------------------------------------------------------------------------


      VERITAS Software, 1600 Plymouth Street, Mountain View, California
      94043 World Wide Web: http://www.veritas.com
      Tech Support Web: http://support.veritas.com
      E-Mail for Classic VERITAS Products: support@veritas.com
      E-Mail for Classic Seagate Software Products:
      helpdesk@support.veritas.com
      FTP:ftp://ftp.support.veritas.com or http://ftp.support.veritas.com



      THE INFORMATION PROVIDED IN THE VERITAS SOFTWARE KNOWLEDGE BASE IS
      PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. VERITAS SOFTWARE
      DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
      WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
      IN NO EVENT SHALL VERITAS SOFTWARE OR ITS SUPPLIERS BE LIABLE FOR ANY
      DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
      CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
      VERITAS SOFTWARE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
      POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
      OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
      THE FOREGOING LIMITATION MAY NOT APPLY.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Vertical Networks Inc. Affected

Notified:  January 12, 2002 Updated: August 04, 2003

Status

Affected

Vendor Statement

The Vertical Networks InstantOffice product was vulnerable to the SNMP issues VU#854306 and VU#107186. This problem was first corrected in InstantOffice version 4.0 Service Pack 1.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Vina Technologies Affected

Updated:  April 19, 2002

Status

Affected

Vendor Statement

      Vina is addressing the CERT advisory & evaluating the impact over all its products.  Security of our customers networks is of prime importance to us.  Integrator 300 & eLink family products have verified no vulnerability with the fix put in place effective 4/08/2002.  Testing is still in progress for MX 500/550/600 & MBX 1000 products.  Initial results have shown that customers running Frame Relay as WAN protocol are not affected.  Action is being taken to evaluate & fix if any PPP or Cisco HDLC encapsulation vulnerabilities are found by running the  'PROTOS c06-snmpv1 test suite' mentioned in the advisory .  VINA will continue to update its statement on this site as additional info becomes available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc. Affected

Notified:  January 15, 2002 Updated: March 11, 2002

Status

Affected

Vendor Statement

      Envoy SNMP Agent Source Code v9.0+:
      After extensive testing against the PROTOS c06-snmpv1 test suite, we have
      not been able to reproduce any of the SNMPv1 security problems VU#854306 and
      VU#107186 in our current SNMP Source Code products: Envoy SNMP v9.0, v9.1,
      v9.2, and v9.3 Beta.  We ran the tests without seeing any impact on system
      memory or any other unusual behavior.  We encourage all customers to upgrade
      to the current version of Envoy SNMP Source Code Agent.

      WindNet SNMP Agent Binary Objects v2.0:

      Testing against the PROTOS c06-snmpv1 test suite has revealed a
      vulnerability in the current version of WindNet SNMP v2.0.  The specific
      impact is a memory leak caused by the exceptional element E-01.  This
      vulnerability can be demonstrated by test #1421 (among others) in the
      req-enc test suite.  A fix is currently available from Wind River support
      and on WindSurf for customers with valid maintenance contracts.  WindNet
      SNMP Binary v2.0 customers under maintenance can also eliminate the
      vulnerability by upgrading to Envoy SNMP Source v9.2.  This vulnerability was previously
      fixed as a "potential leak" in the Envoy v9.0 Agent Source Code release.
      WindNet SNMP v2.0 is a binary distribution of Envoy v8.0, so it did not
      include this fix.  No current Envoy Source release (v9.0+) is effected by this
      vulnerability.

      Note: As Wind River's Envoy SNMP is a source code product, customer's
      modifying Envoy MAY introduce vulnerability to VU#854306 and VU#107186.
      We are especially seeing problems with buffer overruns in customer community
      string validation routines.  Wind River recommends individual testing
      against the test suite of any customer product incorporating a SNMP agent, particularly
      MODIFIED Envoy SNMP source code.

      Wind River customers under support and maintenance have received the current
      product releases.  Supported customers should Contact Wind River support at
      support@windriver.com or call (800) 458-7767 with any test reports related
      to VU#854306 and VU#107186, or for more information.  Customers who need to
      renew support or wish to upgrade to a supported version (Envoy v9.0+ and
      WindNet SNMP v2.0) should contact their Wind River Account Manager, or
      1-800-545-WIND (1-800-545-9463) if they do not have an Account Manager.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

World Wide Packets Affected

Notified:  January 10, 2002 Updated: February 27, 2002

Status

Affected

Vendor Statement

      World Wide Packets
      Product notes and recommendations:

      LE-2X and 3X portals, LE-2XX and LE-4XX concentrators
      Future software releases of WWP Products will address the vulnerabilities identified in the following CERT vulnerability advisories.  Current target is to provide patch builds by Q2 � that permanently address these issues.  Please contact support@wwp.com for details and status.

      VU#854306 (Multiple vulnerabilities in SNMPv1 request handling)
      VU#107186 (Multiple vulnerabilities in SNMPv1 trap handling)
      Until these releases become available, we recommend that the following steps may be taken to help reduce exposure to these vulnerabilities.
      In all concentrators:
      *Disable SNMP from interfaces through which SNMP commands should not be received, such as those providing connection from the Internet or Extranets.

      *Use management VLANs or out-of-band management to contain SNMP traffic and multicasts. These do not prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.
      In the snmp.cfg file of all devices, define the community with the IP address of the Management Station.
      Example:
      Instead of
      !snmp_cs_1=1, public, 0.0.0.0, read
      !snmp_cs_2=1, private, 0.0.0.0, write
      Use
      !snmp_cs_1=1, <new public string>, <Mgmt Station Ip Address>, read
      !snmp_cs_2=1, <new private string>, <Mgmt Station Ip Address>, write
      Note: Even when community strings are changed from their defaults, they will still be passed in plaintext and are therefore subject to packet sniffing attacks. SNMPv3 offers additional capabilities to ensure authentication and privacy as described in RFC2574.
      LE-3700 Distributor
      *Disable SNMP from interfaces through which SNMP commands should not be received, such as those providing connection from the Internet or Extranets
      *Use Access Control Lists at the access edge to prevent SNMP traffic from unauthorized internal hosts from entering the network.
      *Use management VLANs or out-of-band management to contain SNMP traffic and multicasts. These do not prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.
      *Enable 802.1X port-locking and RADIUS to prevent unauthenticated users from attaching to the network.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Xerox Corporation Affected

Notified:  January 11, 2002 Updated: April 01, 2003

Status

Affected

Vendor Statement

Xerox is aware of this advisory. A response regarding all Xerox products that use SNMPv1 is available from our web site: www.xerox.com/security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

e-Security Inc. Affected

Updated:  March 19, 2002

Status

Affected

Vendor Statement

      e-Security Advisory:
      SNMPv1 Request and Trap Handling Vulnerabilities
      Revision 1.0
      Release Date: March 14, 2002

      Summary

      On February 12, 2002 the CERT®/CC released an advisory related to
      security vulnerabilities that may exist in network devices using
      SNMPv1 as the management protocol. The vulnerabilities may allow
      unauthorized privileged access, denial of service attacks, or cause
      unstable behavior.  In response to this advisory, "CERT® Advisory
      CA-2002-03 Multiple Vulnerabilities in Many Implementations of the
      Simple Network Management Protocol (SNMP)", e-Security began
      executing the tests that elicit these vulnerabilities for all
      e-Security products.

      The issue centers on the SNMP library that we use in our products to
      communicate in SNMP versions 1,2 & 3.  Currently, e-Security uses
      SNMP Research's Emanate 15.2.7 on with our agents (e-Wizard and eSAW)
      and UC Davis 4.0.1 with our control center (e-Sentinel and OeSP).

      Preliminary test results have indicated that e-Sentinel, e-Wizard,
      OeSP, and e-SAW products exhibited the vulnerabilities in the CERT®
      Advisory.

      Though we were affected with the vulnerabilities in our code, note
      this should not be viewed as a negative statement on SNMP protocol,
      as the latest packages from UC Davis and SNMP Research are not
      vulnerable to these exploits.

      Solution

      e-Security has applied the PROTOS c06-SNMPv1 test suite to all
      e-Security products and has released patches to eliminate these
      vulnerabilities.  Our patches address e-Security products through
      v.3.1.  Future releases of e-Security products will utilize the
      latest packages from UC Davis and SNMP Research which have resolved
      these vulnerabilities.

      e-Security also  recommends considering one or more of the following
      solutions to minimize your network's potential exposure to these
      vulnerabilities:

      · Ingress filtering
      · Egress filtering
      · Filter SNMP traffic from non-authorized internal hosts
      · Change default community strings

      For Further Information

      Contact e-Security Customer Support at 1-800-474-3131, or you can
      e-mail us at support@esecurityinc.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

net.com Affected

Updated:  March 07, 2002

Status

Affected

Vendor Statement

      Network Equipment Technologies, dba net.com
      Security Advisory:
      SNMPv1 Request and Trap Handling Vulnerabilities
      Release Date: 22 February 2002

      On February 12, 2002 the CERT®/CC released an advisory related to security vulnerabilities that may exist in network devices using SNMPv1 as the management protocol. In response to this advisory, CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)", net.com began executing the tests that elicit these vulnerabilities for all net.com products that feature SNMPv1 capability.

      Preliminary analysis indicates that multiple net.com products may exhibit certain vulnerabilities to SNMP messages as described in this Advisory. net.com is currently applying the PROTOS c06-SNMPv1 test suite to all products that feature SNMPv1 capability.
      Until net.com has completed testing on all of its products and provided patches or fixes to eliminate these vulnerabilities, net.com recommends one or more of the following best practices, as identified in CERT® Advisory CA-2002-03, to minimize your network’s potential exposure to these vulnerabilities:
      · Disable SNMP on workstations or devices not being managed by SNMP managers.
      · Ingress filtering
      · Egress filtering
      · Filter SNMP traffic from non-authorized internal hosts
      · Segregate SNMP traffic onto a separate management network
      · Restrict SNMP traffic to Virtual Private Networks (VPNs)
      · Change default community strings

      For more information please see: www.net.com/service/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ADVA AG Optical Networking Not Affected

Updated:  August 21, 2002

Status

Not Affected

Vendor Statement

ADVA Optical Networking is addressing the SNMP vulnerabilities identified in the advisory CA-2002-03 ( <http://www.cert.org/advisories/CA-2002-03.html> http://www.cert.org/advisories/CA-2002-03.html) across the entire product line.

ADVA is currently applying the test suite provided by OUSPG (PROTOS c06-snmpv1 test suite) to all of its products.

Following products are tested against possible effects of the vulnerability report VU#854306 - Multiple vulnerabilities in SNMPv1 request:

Vendor Information

None

Addendum

None

AVET Information and Network Security Not Affected

Updated:  April 05, 2002

Status

Not Affected

Vendor Statement

      AVET FireBorder OS (any version, including 1.4) is not vulnerable to the following vulnerabilities: - CAN-2002-0012 - CAN-2002-0013

      This is due to several reasons:

      - AVET FireBorder OS does not contain SNMP server
      - administrator user can not install SNMP server due to lack of privileges
      - system architecture would not allow to run arbitrary code in any of running network daemons; theoretically under some circumstances it could be possible to perform remote DoS attack on vulnerable servers; still to install and run SNMP daemon local user would need to bypass default permission and ACL settings.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Allied Telesyn International Not Affected

Notified:  January 11, 2002 Updated: August 18, 2003

Status

Not Affected

Vendor Statement

SNMPVulnerability.pdf

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alvarion Ltd. Not Affected

Updated:  March 18, 2002

Status

Not Affected

Vendor Statement

      In response to CERT® Advisory CA-2002-03 regarding multiple vulnerabilities
      in many implementations of the Simple Network Management Protocol (SNMP),
      Alvarion performed a varied and thorough set of tests on its BreezeACCESS
      and WALKair products. The tests performed are the ones recommended by the
      PROTOS project paper.

      Following these tests, Alvarion found no denial of service, memory
      corruption, stack corruption or other fatal error conditions in its
      BreezeACCESS and WALKair products.

      In addition, Alvarion's BreezeACCESS and WALKair products implement the
      following additional security measures which are recommended by the PROTOS
      project report:

      1. Perimeter filtering to SNMP traffic.
      2. SNMP device based network access control to filter the traffic.
      3. Isolation of SNMP traffic into a separate management VLAN (applicable for
      BreezeACCESS II, XL and MMDS).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer, Inc. Not Affected

Notified:  October 17, 2001 Updated: March 12, 2002

Status

Not Affected

Vendor Statement

      The only product currently shipping with SNMP software is the
      AirPort Base Station.  The AirPort Base Station has been tested and no
      security vulnerabilities associated with advisory CA-2002-03 have been
      found.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Asante Technologies Inc. Not Affected

Notified:  January 10, 2002 Updated: March 05, 2002

Status

Not Affected

Vendor Statement

      Asante manaufactures and supplies a large range of SNMP
      managed  enterprise LAN switches  and related products. The
      following products  have been fully tested and are found NOT to be
      affected by the SNMP  vunerabilities outlined in VU#854306 and
      VU#107186.

      6524 - 24 port 10/100 switch with 2 GBIC's
      3524 - 24 port 10/100 stackable switch with 2 GBE slots
      8000 - 24 port 10/100 modular stackable switch with 3 GBE slots
      6014 - 12 port 10/100 IntraStack Switch
      2072 - Chassis based modular solution
      Netstacker II - 24 port 10/100 stackable hub with MII slot
      FriendlyNET range of products.

      Asante is continuing to address possible vulnerabilities across its
      entire FriendlyNET, IntraCore and all other product lines.
      Please contact  support@asante.com for further
      information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Astracon Not Affected

Updated:  August 15, 2002

Status

Not Affected

Vendor Statement

      The Astracon Stinger NetConnect is safe against the vulnerability reported by VU#107186. The Stinger NetConnect processes SNMP responses only. Since the trap demon is never invoked, the Stinger NetConnect will never receive a trap; it is always safe.

      The Stinger NetConnect doesn't accept SNMP requests, but can send SNMP version 1 or version 3 requests. By configuring the NetConnect to use only SNMP version 3, the vulnerabilities caused when using SNMP version 1 in the network will be avoided.

      In order to ensure safety against the vulnerability reported by VU#854306 and VU#107186, the test cases at http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/ were executed, with no adverse effect on the NetConnect. The Stinger NetConnect passed all of the test cases.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avici Systems Inc. Not Affected

Updated:  February 21, 2002

Status

Not Affected

Vendor Statement

      Avici Systems has tested the TSR and SSR product lines, including all
      associated line card modules according to recommendations issued by CERT,
      and has found no security vulnerabilities associated with Advisory
      CA-2002-03 (Multiple Vulnerabilities in Many Implementations of SNMP).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BinTec Communications AG Not Affected

Updated:  June 11, 2002

Status

Not Affected

Vendor Statement

      BinTec Communications announces that SNMP vulnerabilty VU#854306 reported in
      March has been resolved with System Software Release 6.2.1.  If you do not
      wish to use the workarounds suggested in March in order to obviate possible
      exploits of VU#854306, you can update your system. The software is currently
      available as BETA software from www.bintec.net, and the final release is
      expected in June.

      Please, note that BETA software is susceptible to malfunctions, and that
      BinTec Communications does not assume responsibility for any problems
      arising from the use of BETA software. If you do not want to use System
      Software Release 6.2.1 BETA, you can still use the workarounds suggested in
      our initial statement.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cambridge Broadband Limited Not Affected

Notified:  January 12, 2002 Updated: February 25, 2002

Status

Not Affected

Vendor Statement

      Cambridge Broadband's products use the ucd-snmp package, version 4.2.3,
      with proprietary extensions.  We have tested our build of the software
      with the OUSPG test suites and determined that it is not susceptible to
      these vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Canoga Perkins Corporation Not Affected

Updated:  April 12, 2002

Status

Not Affected

Vendor Statement

Please see http://www.canoga.com/technical_bulletins.htm

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point Not Affected

Updated:  February 21, 2002

Status

Not Affected

Vendor Statement

Check Point Statement on SNMP Vulnerability Test Suite

Recently, an automated suite has been released which tests products for known SNMP vulnerabilities.

FireWall-1, by default, blocks all SNMP communication to, from, or across a FireWall-1 gateway. SNMP communication is enabled only if the administrator writes a specific rule which allows the communication.

SNMP communication is not required for correct functionality of any Check Point products.

If SNMP monitoring of Check Point firewalls is needed, Check Point recommends that the FireWall-1 rule base tightly restrict SNMP communication and that all relevant operating system security patches be applied.

Check Point knows of no SNMP-related security issues in any of its products, and has conducted an extensive review to ensure that none exist.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CipherTrust INC Not Affected

Updated:  February 28, 2002

Status

Not Affected

Vendor Statement

      This is in reference to your notification regarding VU#107186 and VU#854306.
      CipherTrust has confirmed that IronMail is not vulnerable to these issues.
      IronMail allows alert notification via SNMP traps. This allows the IronMail
      to be integrated into SNMP managed services without being open to
      vulnerabilities such as these. Specifically, due to the way that IronMail
      uses SNMP, it does not receive requests or traps.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Controlware GmbH Not Affected

Updated:  March 20, 2002

Status

Not Affected

Vendor Statement

      Controlware GmbH

      In order to determine the impact of these vulnerabilities, Controlware immediately started extensive testing of the effected products. The results of these tests can be viewed on the Website.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Corsaire Limited Not Affected

Updated:  February 25, 2002

Status

Not Affected

Vendor Statement

Corsaire Limited response to SNMP Vulnerability Test Suite (CERT Advisory
CA-2002-03)

Corsaire Limited have analysed the Secure Technical Assistance Centre (STAC)
SNMP agent software that is used as part of their managed services solution
and can confirm that the agent is not susceptible to any of the
vulnerabilities reported.

The STAC SNMP agent software has been entirely developed in-house and does
not rely on any third-party libraries. Probing by the PROTOS test suite is
correctly recognised as malformed packets and reported as such within the
audit trail.

Further information is available from http://www.corsaire.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Covalent Not Affected

Notified:  January 09, 2002 Updated: February 12, 2002

Status

Not Affected

Vendor Statement

Covalent Technologies has tested the Enterprise Ready Server, Managed Server, and Covalent Conductor SNMP module according to recommendations issued by CERT, and has found no security vulnerabilities associated with Advisory CA-2002-03.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems Not Affected

Notified:  January 09, 2002 Updated: February 28, 2002

Status

Not Affected

Vendor Statement

      D-Link has tested our DES-3226, DES-3326, DES-3624i and DES-6000 products
      and determined that these products are not susceptible to the SNMP
      vulnerability issue.  Since all D-Link products with SNMP agent use the
      same code base, D-Link has concluded that all of our products do not have
      the SNMP vulnerability issue.  However, we continue to evaluate and
      investigate all D-Link products implemented with SNMP agent.  Upon
      completion of our evaluation, D-Link will provide and post an update with
      our thorough test results.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

DMH Software Not Affected

Notified:  January 09, 2002 Updated: April 28, 2002

Status

Not Affected

Vendor Statement

DMH Software applied the OULU University test suite to its various

portable snmp-agent products: SNMPv1, SNMPv2c and SNMPv3.

We found that the following or later releases of DMH portable
snmp-agent products are NOT vulnerable to CERT vulnerability advisory
VU#854306 (Multiple vulnerabilities in SNMPv1 request handling)


(1) SNMPv1 Agent version - 2.0.9.1

(2) SNMPv2c Agent version - 3.0.5.3

(3) SNMPv3 Agent version - 4.0.8.2


The above releases, or newer releases, are currently available to our
customers. We strongly recommend our customers to contact us to obtain
an upgrade and update their source code.

Please note that we received notes from some of our customers who
reported that previous releases of DMH snmp-agent products were tested
an found not vulnerable to VU#107186. Nevertheless we recommend an
upgrade to the recent releases.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Dartware LLC Not Affected

Notified:  January 09, 2002 Updated: March 05, 2002

Status

Not Affected

Vendor Statement

      Dartware, LLC (www.dartware.com) supplies two products that use SNMPv1 in a
      manager role, InterMapper and SNMP Watcher. These products are not vulnerable to
      the SNMP vulnerability described in [VU#854306 and VU#107186]. This statement
      applies to all present and past versions of these two software packages.

      In addition, our port of net-snmp to MacOS X has been updated to version 4.2.2,
      and is not susceptible to this attack. More information is available from
      http://www.dartware.com/net-snmp/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Efficient Networks Inc Not Affected

Notified:  January 10, 2002 Updated: March 04, 2002

Status

Not Affected

Vendor Statement

      Efficient Networks, Inc. has reviewed CERT Advisory CA-2002-03 and is
      performing the recommended tests to determine if its products are impacted.
      The following products do not have SNMP management capabilities and are not
      affected: SpeedStream 1000, 2000, 3000, 4000, 5200, and 5300 series devices,
      as well as the 5667 bridge product.  Testing is still in progress on other
      Efficient Networks' products. Efficient Networks will continue to update its
      statement on this site as additional information becomes available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks Inc. Not Affected

Notified:  January 10, 2002 Updated: February 18, 2002

Status

Not Affected

Vendor Statement

According to testing completed by Foundry engineering using
the stress tools recommended by CERT, we determined that NO Foundry
devices are affected by any known SNMP security issue. All of Foundry's
products use the same SNMP engine with varying SNMP versions (v1, v2c,
and v3), and all SNMP versions have been tested.

We are extremely appreciative to CERT's help during our testing period,
and would like to wholeheartedly thank everyone involved.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Future Communications Software Not Affected

Notified:  January 09, 2002 Updated: November 05, 2002

Status

Not Affected

Vendor Statement

FutureSoft has tested its SNMP Product FutureSoftSNMP Release 5.0.1.0 according to the recommendations issued by CERT, and has found no security vulnerabilities associated with Advisory CA-2002-03 (Multiple Vulnerabilities in Many Implementations of SNMP).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Guardian Digital Inc. Not Affected

Updated:  January 03, 2002

Status

Not Affected

Vendor Statement

EnGarde Secure Linux did not ship any SNMP packages in version 1.0.1 of our distribution, so we are not vulnerable to either bug.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Interniche Technologies Not Affected

Notified:  January 12, 2002 Updated: September 22, 2003

Status

Not Affected

Vendor Statement

InterNiche Technologies, Inc.'s SNMPv1 product is not susceptible to problems described in CERT Advisory VU#107186.

Product evaluation did uncover a weakness with respect to Advisory VU#854306, which has been resolved.

A patch is available to InterNiche customers under the terms of their support agreement.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

LOGEC Systems Inc. Not Affected

Notified:  January 11, 2002 Updated: February 12, 2002

Status

Not Affected

Vendor Statement

The products from LOGEC Systems are exposed to SNMP only via HP OpenView. We do not have an implementation of SNMP ourselves. As such, there is nothing in our products that would be an issue with this alert.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lexmark International Inc. Not Affected

Notified:  January 14, 2002 Updated: February 20, 2002

Status

Not Affected

Vendor Statement

      Lexmark International has tested the current MarkNet network adapters
      and current Lexmark Utilities (MarkVision Professional) according to
      recommendations issued by CERT.   Lexmark Utilities are not
      vulnerable.  Below is a list of tested MarkNet devices and
      information on obtaining updated network firmware when necessary:

      Printer/Network Adapter type            Fix Revision (if applicable)

      Lexmark E322n Laser Printer            4.20.14 or greater
      Lexmark T520n Laser Printer            Not vulnerable
      Lexmark T522n Laser Printer            Not vulnerable
      Lexmark T620n Laser Printer            Not vulnerable
      Lexmark T622n Laser Printer            Not vulnerable
      Lexmark Optra W810n Laser Printer        3.20.14 or greater
      Lexmark W820n Laser Printer            Not vulnerable
      Lexmark Optra C710nSBE Laser Printer        3.20.14 or greater
      Lexmark Optra C710n Laser Printer        3.20.14 or greater
      Lexmark C720n Color Laser Printer        3.20.14 or greater
      Lexmark C720dn Color Laser Printer        3.20.14 or greater
      Lexmark C750n Color Printer            Not vulnerable
      Lexmark C750dn Color Printer            Not vulnerable
      Lexmark C910n Color Printer            Not vulnerable
      Lexmark C910dn Color Printer            Not vulnerable
      Lexmark Optra Color 45n            3.20.14 or greater
      Lexmark Optra T610n Laser Printer        3.20.14 or greater

      MarkNet N2001e                 3.20.14 or greater
      MarkNet N2000t                   3.20.14 or greater
      MarkNet N2002e                 3.20.14 or greater
      MarkNet N2003fx-MTRJ             3.20.14 or greater
      MarkNet N2003fx-SC                  3.20.14 or greater

      MarkNet N2401e                 5.20.14 or greater
      MarkNet N2501e                 5.20.14 or greater

      MarkNet X2011e                 4.20.14 or greater
      MarkNet X2012e                 4.20.14 or greater
      MarkNet X2030t                 4.20.14 or greater
      MarkNet X2031e                 4.20.14 or greater
      MarkNet XI                    4.20.14 or greater
      MarkNet XP                    4.20.14 or greater

      MarkNet Pro network family            2.10.193 or greater
      MarkNet S network family            1.10.193 or greater

      Lexmark X820e MFP                Not vulnerable
      Lexmark X7500 MFP                   Not vulnerable

      None of the Lexmark network adapters are vulnerable once the
      community name is changed.  If unable to update to one of the above
      firmware levels, Lexmark recommends changing the community name.

      Firmware updates are available at:
      http://support.lexmark.com/en/cert_ca-2002-03.html

      For questions related to these or other Lexmark devices please
      contact 1-800-LEXMARK.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Modlink Networks Not Affected

Notified:  January 10, 2002 Updated: March 25, 2002

Status

Not Affected

Vendor Statement

      We ran all recommended tests and found no problems in handling them. All tests passed, no memory leaks, out of bound array references, or crashing were reported.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Muonics Not Affected

Updated:  June 11, 2003

Status

Not Affected

Vendor Statement

Muonics added SNMP management-role (request originator) capabilities to its MIB Smithy series of products starting with version 2.0. Notification (trap/inform) processing was added in version 2.1 (the current version as of this report). Neither version supports agent-role (request processor) capabilities at this time. However, all PDU types are fully parsed by both versions, including requests, before unsupported PDU types are discarded by the dispatcher layer.

Both versions of MIB Smithy SDK, from which all of the MIB Smithy series are derived, have been fully tested with all four of the PROTOS c06-SNMPv1 Test Suites. Version 2.0 binds to any available port for sending requests and receiving responses. Since this was not conducive to testing, a special build was required, with the only difference from the official 2.0 release being a hard-coded binding to ports 161 and 162 as appropriate. Version 2.1 allows configuration of a bind port for receiving notifications, so it was not an issue for that version.

After running the full series of tests we found both versions to behave as expected, with no signs of failure. We have thus concluded that Muonics' past and current product versions are not susceptible to the security vulnerabilities associated with CA-2002-03.

VU#107186 - Not Vulnerable
VU#854306 - Not Vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetScreen Not Affected

Updated:  February 21, 2002

Status

Not Affected

Vendor Statement

      NetScreen's Global PRO and Global PRO Express do not have an SNMP agent or
      manager and are not sensitive to the issues raised in VU#107186
      (CAN-2002-0012), "Multiple vulnerabilities in SNMP v1 trap handling". No
      change in behavior or operation is required.

      NetScreen determined that the SNMP agent within all versions of ScreenOS
      is sensitive to certain of the issues  described in VU#854306
      (CAN-2002-0013), "Multiple vulnerabilities in SNMP v1 request handling".
      These vulnerabilities can in certain circumstances be exploited to produce
      a denial of service.  These vulnerabilities cannot be used to gain
      management control of the device.

      NetScreen has developed and tested maintenance releases of ScreenOS
      software that address these vulnerabilities. All NetScreen security
      appliances and systems shipped from NetScreen after Wednesday 13 February
      2002 have software pre-installed at the factory that addresses these
      vulnerabilities. Customers may download maintenance releases from the
      NetScreen support web site (http://www.netscreen.com/support/ ).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Associates Not Affected

Notified:  October 18, 2001 Updated: January 25, 2002

Status

Not Affected

Vendor Statement

PGP is not affected, impacted, or otherwise related to this VU#.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia Not Affected

Notified:  October 02, 2001 Updated: January 03, 2002

Status

Not Affected

Vendor Statement

Nokia's vulnerabilities occur solely in the request handling code, not in the Trap handling code.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD Not Affected

Notified:  October 17, 2001 Updated: February 08, 2002

Status

Not Affected

Vendor Statement

OpenBSD does not include snmp software.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

QUALCOMM Not Affected

Notified:  October 17, 2001 Updated: December 19, 2001

Status

Not Affected

Vendor Statement

WorldMail does not support SNMP by default, so customers who run unmodified installations are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Quallaby Corporation Not Affected

Updated:  February 27, 2002

Status

Not Affected

Vendor Statement

      QUALLABY's findings to date regarding the recent CERT advisory are as follows:

      CERT Advisory CA-2002-03

      VU#854306 - Multiple Vulnerabilities in SNMPv1 Request Handling -
      This advisory is not applicable to PROVISO as it is a management
      system and not an agent. As a management system, PROVISO does not accept SNMP requests.
      PROVISO sends SNMP requests and processes subsequent SNMP responses.

      CERT Advisory CA-2002-03

      VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling -
      This advisory is not applicable to PROVISO as it does not accept
      SNMP Trap PDU. PROVISO only sends SNMP Traps.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Quick Eagle Networks Not Affected

Updated:  March 13, 2002

Status

Not Affected

Vendor Statement

      Quick Eagle Networks, Inc. is a provider of intelligent WAN access solutions for IP and frame relay networks, and the world leader in multilink access devices. Quick Eagle Networks continues to be committed to ensure a high level of security and reliability of our customer’s networks. Part of this commitment includes prompt responses to security issues discovered by organizations such as the CERT® Coordination Center.

      I. Overview

      On February 12, 2002 the CERT®/CC released an advisory related to security vulnerabilities that may exist in network devices using SNMPv1 as the management protocol. In response to this advisory (CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol), Quick Eagle Networks Inc. began immediately investigating whether these vulnerabilities impact Quick Eagle's products.

      II. Test Procedures

      Quick Eagle Networks is currently applying the PROTOS c06-SNMPv1 test suite to all products and its variations that feature SNMPv1 capability. The tests evaluate the robustness of the application logic of the SNMPv1 implementation as well as the robustness of the BER decoder of the SNMPv1 implementation.

      III. Impact

      Preliminary test results have not indicated any vulnerability that will allow an
      attacker to gain access. In general, Quick Eagle Networks' products use out of
      band management, eliminating the chances of an attacker to gain access from the
      outside of a network. While most of Quick Eagle Networks' newer WAN access
      devices have already passed the test, some of Quick Eagle Networks' older
      products are still under investigation.

      IV. Solution

      Until Quick Eagle Networks has completed testing on all of its products and provided patches or fixes to eliminate these vulnerabilities, Quick Eagle Networks recommends considering one or more of the following solutions, as also identified in CERT® Advisory CA-2002-03, to minimize your network’s potential exposure to these vulnerabilities:

      · Disable SNMP on the device
      · Change the default community strings
      · Disconnect the management port. This won’t have any impact on your network traffic as Quick Eagle’s solutions use out of band management.

      The recommendations above apply only for those products that are still under evaluation. Please refer to our status report for further information.

      IV. Status Reports

      For more information please visit http://www.quickeagle.com/support/cert.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

RAD Data Communications Not Affected

Notified:  January 09, 2002 Updated: March 26, 2002

Status

Not Affected

Vendor Statement

      The security of our customer's networks is of highest priority to RAD Data
      Communications Ltd. ("RAD"). RAD is aware of CERT's Advisories VU#854306 and
      VU#107186, and is working together with it's partners to assess if any of
      its products might be affected.

      VU#107186: RAD's Network Management System (RADview) is not vulnerable to
      the extent of working in conjunction with 3rd party products, such as Castle
      Rock's SNMPc 5, HP's NNM 6.2, Microsoft's Windows NT4 and Sun's Solaris 2.7.
      Customers are advised to consult the respective responses of these vendors,
      available at http://www.kb.cert.org/vuls/id/854306 and verify that they comply with each vendor's specific recommendations.

      VU#854306: As a first measure, we have requested from 3rd party software
      developers, the products of which are integrated within RAD's SNMP agents
      and Network Management station, to provide us with statements as to their
      products vulnerabilities and their potential impact. We are currently
      waiting for their conclusions. In parallel, RAD is in process of internally
      setting up the testing schedules and facilities to ascertain the
      vulnerability of our products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sierra Wireless Not Affected

Notified:  January 13, 2002 Updated: February 14, 2002

Status

Not Affected

Vendor Statement

We are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sinetica Corporation Limited Not Affected

Notified:  January 11, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

We have tested against the conditions laid out by the CERT-Advisory CA-2002-03, and find that we are 'not Vulnerable'.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SolarWinds.Net Inc. Not Affected

Updated:  March 05, 2002

Status

Not Affected

Vendor Statement

      While the SolarWinds tools are not susceptible to the vulnerabilities
      listed within this advisory, SolarWinds products can be used to
      determine if SNMP agents contain known vulnerabilities.

      SolarWinds supports the recommendations made by CERT regarding SNMP
      implementations and has released a Router Security Check tool that
      can be used to check routers and switches for several known SNMP
      security flaws.

      For more information on using the SolarWinds tools to secure your
      SNMP implementation please visit:
      http://www.solarwinds.net/Tools/Security/Security_SNMP.htm

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Standard Networks Inc. Not Affected

Updated:  February 21, 2002

Status

Not Affected

Vendor Statement

      Standard Networks offers a "mainframe connectivity" family of products under the "UniGate" brand name.
      These products contain SNMP agents. After reviewing the recent information regarding SNMP vulnerabilities,
      performing a source code audit and running a variety of publicly available SNMP exploit suites (including the OUSPG test suite),
      we believe the UniGate product is not vulnerable to the problems described in VU#854306.

      SNMP agent services are enabled by default on UniGate after version 3.6.07. (This version was released in late 1995; anyone
      with a "Year 2000 Compliant" version runs SNMP services.) It is not currently possible to turn on and shut off SNMP services
      on a UniGate, but it is possible to change the "inquiry" and "update" strings to unusual values (i.e. "m2H9j3s4")
      to prevent unauthorized access to the machine. Alternatively, a current version of the UniGate software with SNMP "hardcoded off "(3.99.31)
      is available from Standard Networks directly for customers who feel they need to have this service disabled immediately.
      (A future version will allow users to toggle SNMP services on and off.)

      Attempts to find or exploit SNMP vulnerabilities on a UniGate platform will often cause the UniGate to log those attempts
      as "Community Errors" or "Misc Errors" on the "SNMP Statistics" screen and/or as "IP: Fragment Msg too big" errors on the main status screen.

      Standard Networks' "OpenIT mainframe connectivity" product will also act as an SNMP agent if SNMP is enabled under Windows NT (rare).
      OpenIT customers are encouraged to follow "Microsoft Corporation's" latest recommendations regarding Windows
      NT SNMP issues if they are using this service. It is however possible to immediately disable any active SNMP services on
      any OpenIT platform by stopping the "SNMP" service from the "Services Control Panel."

      No other Standard Networks products (i.e. "EMU Terminal Emulator", "ActiveHEAT Host Access", the "MOVEit" family of secure file transfer products) are affected by this issue.

      Customers are encouraged to call Standard Networks immediately (+001 608.227.6100) with any questions or concerns about their specific configuration.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TANDBERG Not Affected

Notified:  January 12, 2002 Updated: February 13, 2002

Status

Not Affected

Vendor Statement

Tandberg have run all the testcases found the PROTOS test-suite, c06snmpv1:

    1. c06-snmpv1-req-app-pr1.jar
    2. c06-snmpv1-req-enc-pr1.jar
    3. c06-snmpv1-trap-app-pr1.jar
    4. c06-snmpv1-trap-enc-pr1.jar
      The tests were run with standard delay time between the requests (100ms), but also with a delay of 1ms. The tests applies to all TANDBERG products (T500, T880, T1000, T2500, T6000 and T8000). The software tested on these products were B4.0 (our latest software) and no problems were found when running the test suite.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      TMP Consultoria S/C Not Affected

      Updated:  February 21, 2002

      Status

      Not Affected

      Vendor Statement

          The Computer Emergency Response Team (CERT) has issued last week an
          advisory regarding numerous vulnerabilities affecting most vendors'
          SNMP implementations. This advisory, which can be accessed on
          http://www.cert.org/advisories/CA-2002-03.html, specifically addressed
          vulnerabilities on the implementations' handling of SNMPv1 trap and
          request PDUs (more specifically, the handling of the Trap, Get, Set,
          and GetNext PDUs).

          TMP would like to state that we have evaluated the impact of those
          vulnerabilities on our WANView line of network management solutions,
          and that we are in NO WAY vulnerable to any of the issues reported,
          as follows:

          VU#854306 - Multiple Vulnerabilities in SNMPv1 Request Handling: This
          advisory is not applicable to WANView, because WANView does not accept
          or process in any way SNMP Get/Set/GetNext PDUs; rather, WANView sends
          those requests to the monitored equipment, and process subsequent
          responses.

          VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling: This
          advisory is not applicable to WANView either, because WANView currently
          does not accept SNMP traps (this has been a product design decision)
          WANView can be configured to send SNMP traps to other systems, and is
          not affected in this regard.

          In case you have any questions or need further assistance regarding
          these matters, please contact us at <wanview@tmp.com.br>.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Tavve Software Company Not Affected

      Updated:  March 28, 2002

      Status

      Not Affected

      Vendor Statement

          Tavve Software Company has investigated its products in light of CERT
          Advisory CA-2002-03 regarding SNMP vulnerabilities.  Tavve's EventWatch,
          PReView, and Amerigo products always reside within the network management
          system (NMS) framework supplied by either HP OpenView Network Node Manager
          or Tivoli NetView; therefore, these Tavve products have no inherent or
          intrinsic exposure to SNMP vulnerabilities beyond those of the underlying
          NMS.  We advise our customers to apply any patches for Network Node Manger
          or NetView made available by HP or Tivoli.  Tavve has created a solution
          for ePROBE and will make this update available via its Web site ( http://www.tavve.com).

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Top Layer Networks Not Affected

      Updated:  April 01, 2002

      Status

      Not Affected

      Vendor Statement

          Both of Top Layer's focused security appliances, the IDS Balancer and the Attack Mitigator, do not exhibit the SNMP vulnerabilite(s) Outlined by CERT Advisory CA-2002-03.

          Neither of these products require any modification at all in order to be protected. The AppSwitch/AppSafe product is also capable of being so protected, but it may require that one configuration change be made to ensure total protection based on the TopPath version of firmware it is running.

          The detail of the configuration change required in the AppSwitch/AppSafe product is discussed below.

          CERT's recommended restrictions are as follows:

          1.  Disable SNMP V1 access to all applicable network devices
          2.  Filter SNMP traffic from non-authorized internal hosts
          3.  Segregate SNMP traffic onto a separate management network

          Top Layer is well positioned to provide immediate solutions for our customers.  There are two options that users can immediately choose from to protect their TLN security systems from SNMP V1 attacks:

          OPTION 1
          All currently shipping Top Layer products come pre-configured from the factory or can be configured to meet CERT restriction # 1.  For example, Top Layer's focused security appliances, the IDS Balancer and the upcoming Attack Mitigator products have, as their factory default settings, Access Restrictions for SNMP set to -Denied- thus meeting CERT restriction # 1.

          NOTE: The AppSwitch/AppSafe Release 4.1 factory default is for SNMP disabled. Models running Release 3.55 must be explicitly configured to deny access as described above.


          OPTION 2
          Option #2 is to implement restrictions # 2 and # 3 simultaneously

          Restriction # 2
          To meet CERT restriction # 2, network managers can set access restrictions for SNMP to an allowed IP host address range via the Web Management Interface supplied with the AppSwitch/AppSafe 3500, the IDS Balancer, and upon general release, the Attack Mitigator. Existing customers can implement this protection themselves in the field today.

          Restriction #3
          The currently shipping AppSwitch/AppSafe 3500 security device can be configured to restrict SNMP to a single management port via its web management interface.  This meets CERT restriction # 3.

          Both the IDS Balancer and the Attack Mitigator are designed with separate management ports for that exclusive use.  These management ports cannot be accessed via "outside" (public network) or "inside" (internal network) LAN connections for greater security and management system integrity. These products meet CERT restriction # 3 -out of the box-.

          BOTTOM LINE

          Top Layer's standard offerings meet the criteria that allow users to protect against SNMP V1 vulnerability exploits. This is all part of Top Layer's continued commitment to provide our customers with improved performance and greater security against cyber threats.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Trend Micro Not Affected

      Updated:  March 05, 2002

      Status

      Not Affected

      Vendor Statement

          Trend Micro R&D has determined that Interscan Messaging
          Services Suite, Scan Mail for Lotus Notes and Scan Mail for Exchange, which
          all use Simple Network Management Protocol (SNMP) are not affected by SNMP
          vulnerabilities listed in the CERT® Advisory CA-2002-03 Multiple
          Vulnerabilities bulletin of February 27.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Uptime Devices Not Affected

      Notified:  January 11, 2002 Updated: March 06, 2002

      Status

      Not Affected

      Vendor Statement

      Our engineering group downloaded the test suite and ran it against the our products. Our products passed all tests.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      nCipher Corp. Not Affected

      Updated:  March 01, 2002

      Status

      Not Affected

      Vendor Statement

          nCipher Corp. supplies two SNMP products:

          1) a SNMP agent bundled with the nForce/nShield and older nFast products
          (nFast 75, 150 and 300)
          2) The SNMP support software bundled with the newer nFast800 products.

          The first product (bundled with the nForce, nShield and nFast 75/150/300
          range) is a customised NET-SNMP agent version 4.2.1.  This is vulnerable
          to VU#854306 but not VU#107186.  nCipher has upgraded this software to
          the NET-SNMP release 4.2.3 and this is now available as a patch release
          (see below).

          The second product (bundled with the nFast800 product) has two operating
          modes, one for Linux (and, in the near future, Solaris) and one for
          Windows NT/2000.  In each case, the only agent used is the one currently
          installed on the OS (NET-SNMP for Linux/Solaris and the Microsoft SNMP
          agent for Windows); the nCipher-supplied software runs in a separate
          process.

          Customers using this product should therefore ensure that their
          operating system SNMP agent is patched against this vulnerability.

          On Linux or Solaris , this requires installation of the NET-SNMP version
          4.2.2 or greater.  Running 'snmpd -v' (make sure it is in your path) will
          tell you the version of the NET-SNMP agent you are currently running.

          On Windows, this will require installation of the forthcoming patch from
          Microsoft.  If you have not installed the patch from Microsoft and the
          'SNMP Service' is running then you are affected.

          Again, if upgrading is not currently possible customers are advised to
          disable the SNMP service if it might be exposed to hostile network
          traffic, or make use of other suggestions supplied elsewhere in CERT
          advisory CA-2002-03.

          nCipher has released a specific advisory, which may be obtained from
          http://www.ncipher.com/support/advisories/ - this includes a patch to
          download that upgrades the nCipher agent to version 4.2.3 of the
          NET-SNMP kit and fixes the issues listed above.  Installation instructions are
          contained within the patch file.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      2Wire Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      ADC Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      AIRCONNECT Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      AMD Unknown

      Notified:  January 11, 2002 Updated: January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      ARINC Incorporated Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Adaptec Inc. Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Advantech Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Agere Systems Unknown

      Notified:  January 09, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Agilent Technologies Unknown

      Notified:  January 09, 2002 Updated: January 09, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Alcatel Unknown

      Notified:  January 11, 2002 Updated: February 20, 2002

      Status

      Unknown

      Vendor Statement

          The security of our customers' networks is of highest priority for Alcatel.
          Alcatel is aware of this industry-wide SNMP security issue and has
          put measures in place to assess which of its products might be
          affected. Within this activity, Alcatel is closely working with its
          customers and CERT to address and fix potential security problems as
          identified by CERT.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Alidian Networks Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Alpha Technologies Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Amnis Systems Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Analog Devices Inc. Unknown

      Notified:  January 11, 2002 Updated: January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Ando Corporation Unknown

      Updated:  January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Askey Computer Corporation Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Atheros Communications Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Atos Origin Unknown

      Notified:  January 09, 2002 Updated: January 09, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Aware Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Aztech Systems Ltd Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Berkeley Software Design, Inc. Unknown

      Notified:  October 17, 2001 Updated: December 19, 2001

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Broadcom Corporation Unknown

      Updated:  January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Brocade Communications Systems Inc. Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      C-SPEC Corporation Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      CalSoft Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Canon U.S.A. Inc. Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Cayman Systems Inc. Unknown

      Notified:  January 11, 2002 Updated: January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Charles Industries Ltd Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Clarent Corporation Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      CoSine Communications Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Comtest Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Comtrend Corporation Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Conexant Systems Inc. Unknown

      Notified:  January 10, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Convedia Corporation Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Convergent Networks Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Copper Mountain Networks Inc. Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Coresma Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Cray Inc. Unknown

      Updated:  April 05, 2002

      Status

      Unknown

      Vendor Statement

      Cray, Inc. had opened spr 721879 to track this problem. At this time, Cray suggests that Unicos and Unicos/mk sites disable the SNMP daemon.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Critical Path Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Crossroads Systems Inc Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Cyclades Corporation Unknown

      Notified:  January 16, 2002 Updated: January 18, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      DATAX Unknown

      Updated:  January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      DNE Technologies Inc. Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Data Connection Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Data General Unknown

      Notified:  October 17, 2001 Updated: December 19, 2001

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Dynarc Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      EMC Corporation Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Emulex Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Enterasys Networks Unknown

      Notified:  January 10, 2002 Updated: February 13, 2002

      Status

      Unknown

      Vendor Statement

      On 12-February-2002, CERT (http://www.cert.org) announced serious vulnerabilities in the SNMP implementations of virtually every networking vendor’s equipment. These vulnerabilities were discovered by a Finnish research group known as OUSPG, associated with Oulu University, and are documented in advisory CA-2002-03.

      These vulnerabilities exist in all versions of SNMP (v1/v2c/v3) and can be used to cause SNMP implementations to behave in an unpredictable manner, resulting in denials of service or system failures.

      Given the serious nature of these vulnerabilities, Enterasys is testing our product line to determine which products are affected. Patches for affected products will be made available to our customers. Please check the Enterasys Support web site periodically for further details and patch information.

      Until these patches become available, Enterasys recommends that the following steps be taken to help reduce exposure to these vulnerabilities.

        • Disable SNMP from interfaces through which SNMP commands should not be received, such as those providing connection from the Internet or Extranets
        • Use Access Control Lists at the access edge to prevent SNMP traffic from unauthorized internal hosts from entering the network.
        • Use management VLANs or out-of-band management to contain SNMP traffic and multicasts. These do not prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.
        • Enable 802.1X port-locking and RADIUS to prevent unauthenticated users from attaching to the network.
        • Use NetSight Policy Manager to automatically restrict the use of SNMP to authenticated, SNMP-authorized personnel.
        • Update Dragon IDS signatures to help identify when these attacks are being used.

        Vendor Information

        The vendor has not provided us with any further information regarding this vulnerability.

        Addendum

        The CERT/CC has no additional comments at this time.

        If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Ericsson Unknown

      Updated:  January 09, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Evidian Inc. Unknown

      Updated:  April 05, 2002

      Status

      Unknown

      Vendor Statement

      Evidian will issue a bulletin regarding this advisory once we have completed the investigation.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Extreme Networks Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Fujitsu Unknown

      Notified:  October 17, 2001 Updated: December 19, 2001

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      GE Industrial Systems Unknown

      Notified:  January 15, 2002 Updated: January 15, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Halcyon Monitoring Solutions Unknown

      Notified:  January 11, 2002 Updated: January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Haliplex Pty Ltd Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Hitachi Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Honeywell Unknown

      Notified:  January 22, 2002 Updated: January 23, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Huawei Technologies Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      IBM-zSeries Unknown

      Updated:  January 07, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      IMC Networks Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      INRANGE Technologies Unknown

      Notified:  January 10, 2002 Updated: February 26, 2002

      Status

      Unknown

      Vendor Statement

          The CERT Coordination Center has issued a broad based alert to the
          technology industry, including INRANGE Technologies, regarding potential
          security vulnerabilities identified in the Simple Network Management
          Protocol (SNMP), a common networking standard.  The company is assessing
          the issue with its products.  Updates will be posted to the INRANGE
          website (http://www.inrange.com) as circumstances dictate.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      IP Infusion Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Industrial Networking Solutions Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Intel Unknown

      Notified:  December 21, 2001 Updated: January 04, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Interphase Corporation Unknown

      Notified:  January 30, 2002 Updated: February 05, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Intrusion Inc. Unknown

      Notified:  January 15, 2002 Updated: January 15, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Invensys plc Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Ishoni Networks Unknown

      Updated:  January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Ixia Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Kentrox LLC Unknown

      Notified:  January 19, 2002 Updated: March 25, 2002

      Status

      Unknown

      Vendor Statement

          Kentrox, LLC.. has reviewed CERT Advisory CA-2002-03 and has published the
          results of our initial evaluation. Kentrox will continue testing products
          that support SNMP against the PROTOS test suite. As results become available
          they will be added to the information found at our web site.

          The results can be found at: http://www.kentrox.com/cert-CA-2002-03-response.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Komatsu Ltd. Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Lachman Unknown

      Notified:  October 17, 2001 Updated: January 07, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Legato Systems Inc. Unknown

      Notified:  January 10, 2002 Updated: January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Liebert Unknown

      Notified:  January 11, 2002 Updated: January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Linksys Unknown

      Updated:  January 09, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      LogiSoft AR Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      M/A-COM Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Marvell Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Memotec Communications Unknown

      Updated:  January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      MetaSwitch Unknown

      Updated:  January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Mistral Software Inc. Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Motorola Unknown

      Updated:  January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      NCR Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      NETAPHOR SOFTWARE INC Unknown

      Notified:  January 19, 2002 Updated: February 12, 2002

      Status

      Unknown

      Vendor Statement

      NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP Manager Toolkit and Cyberons for Java -- NMS Application Toolkit, two Java based products that may be affected by the SNMP vulnerabilities identified here. The manner in which they are affected and the actions required (if any) to avoid being impacted by exploitation of these vulnerabilities, may be obtained by contacting Netaphor via email at info@netaphor.com

      Customers with annual support may contact support@netaphor.com directly. Those not under support entitlement may contact Netaphor sales: sales@netaphor.com or (949) 470 7955 in USA.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      NETGEAR Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      NetBSD Unknown

      Notified:  October 17, 2001 Updated: December 19, 2001

      Status

      Unknown

      Vendor Statement

      NetBSD does not ship with any SNMP tools in our 'base' releases. We do provide optional `packages' which provide various support for SNMP. These packages are not installed by default, nor are they currently provided as an install option by the operating system installation tools. A system administrator/end-user has to manually install this with our package management tools.

      These SNMP packages include:

      netsaint-plugin-snmp-1.2.8.4SNMP monitoring plug-in for netsaint

      p5-Net-SNMP-3.60perl5 module for SNMP queries

      p5-SNMP-3.1.0Perl5 module for interfacing to the UCD SNMP library

      p5-SNMP_Session-0.83perl5 module providing rudimentary access to remote SNMP agents

      ucd-snmp-4.2.1Extensible SNMP implementation (conflicts with ucd-snmp-4.1.2)

      ucd-snmp-4.1.2Extensible SNMP implementation (conflicts with ucd-snmp-4.2.1)

      We do provide a software monitoring mechanism called 'audit-packages', which allows us to highlight if a package with a range of versions has a potential vulnerability, and recommends that the end-user upgrade the packages in question.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      NetPlane Systems Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Netopia Unknown

      Notified:  January 03, 2002 Updated: January 07, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Network Computing Technologies Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      NexGen Software Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Nishan Systems Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      OLE Communications Inc. Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Omnitronix Unknown

      Notified:  January 09, 2002 Updated: January 25, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Paion Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Paradyne Networks Inc. Unknown

      Notified:  January 11, 2002 Updated: March 05, 2002

      Status

      Unknown

      Vendor Statement

          A recent alert issued by CERT states that any device connected to the Internet has potential security vulnerability. The specific root cause relates to SNMP v1, which is implemented in many Paradyne products.  This alert has caused a number of Paradyne customers to call and request an official statement and risk assessment associated with Paradyne's equipment. 

          The purpose of this document is to inform you that Paradyne engineering staff is currently assessing the situation to determine if any vulnerabilities exist.  The analysis will take into consideration product features, SNMP v1 issues and the typical usage of our products in DSL and Frame Relay network topologies. In typical configurations, direct connection to the Internet with Paradyne devices and/or management systems is extremely rare.

          Please note that while no device is completely secure, Paradyne has implemented several safeguards that protect against intrusion such as that identified by CERT Advisory CA-2002-03.  Prior to the time that Paradyne releases a more comprehensive statement, we recommend that you take the following actions as appropriate:

          ·  Change community string from public; choose obscure names
          ·  Use device SNMP access list capability
          ·  Use firewall at NOC if NOC has access to Internet, same for CEU central site products  (FrameSaver)
          ·  Utilize inband management (dedicated management PVC) when possible

          Taken together, these methods provide a robust security feature set which should minimize the impact of the concerns raised in the CERT alert.  With this said, Paradyne will release a more complete assessment as soon as possible.  This response will consist of an analysis of the overall security risks, recommendations to mitigate these risks and, if necessary, plans for the introduction of new code to close any identified security breaches.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Pluris Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Polycom Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Portmasters Unknown

      Notified:  January 29, 2002 Updated: January 29, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Precise Software Technologies Inc. Unknown

      Updated:  January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Prism Communications Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Pulsecom Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      QLogic Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Quintom Unknown

      Notified:  January 11, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      RADVISION Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Rittal Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      SANavigator Inc. Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      SGI Unknown

      Notified:  October 17, 2001 Updated: January 03, 2002

      Status

      Unknown

      Vendor Statement

      SGI acknowledges the SNMP vulnerabilities reported by CERT and is currently

      investigating. No further information is available at this time.

      For the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) or release streams are available for all vulnerable and supported IRIX operating systems. Until SGI has more definitive information to provide, customers are encouraged to assume all security vulnerabilities as exploitable and take appropriate steps according to local site security policies and requirements. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution methods including the wiretap mailing list on http://www.sgi.com/support/security/.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      SMC Networks Unknown

      Updated:  January 11, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      SNMP Frameworks Inc. Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Samsung Electronics Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Sasken Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Satelcom Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Scientific-Atlanta Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      SecureWorks Unknown

      Updated:  March 04, 2002

      Status

      Unknown

      Vendor Statement

          SecureWorks is not vulnerable to SNMP based attacks.  The SecureWorks
          iSensor and Secure Operations Center uses a proprietary protocol in order to
          remotely monitor and configure devices.  Additionally, the SecureWorks
          iSensor is capable of filtering malformed and/or illegal snmp packets in
          order to protect against incoming and outgoing SNMP based attacks.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Sensorsoft Corporation Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Sequent Computer Systems, Inc. Unknown

      Notified:  October 17, 2001 Updated: December 19, 2001

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Snap Server Unknown

      Notified:  January 04, 2002 Updated: January 04, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Software Technologies Group Unknown

      Notified:  January 15, 2002 Updated: January 15, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Sony Corporation Unknown

      Notified:  October 17, 2001 Updated: December 19, 2001

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Spider Software Unknown

      Notified:  February 08, 2002 Updated: February 21, 2002

      Status

      Unknown

      Vendor Statement

          Spider is currently investigating this potential problem and, if
          applicable, a new version of the SNMP agent will be made available through
          the standard release process of SpiderTCP.

          Spider will notify its customers of any new patches resulting from this
          investigation through the normal support channel.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Spirent Communications Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      StorageSoft Inc. Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Stratus Technologies Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Sync Research Products Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      TRENDware International Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Tality Corporation Unknown

      Notified:  January 18, 2002 Updated: January 18, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Telogy Networks Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Telsey Telecommunications Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Terayon Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Texas Instruments Incorporated Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      TollBridge Technologies Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Tollgrade Communications Inc. Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Tripp Lite Unknown

      Notified:  January 14, 2002 Updated: January 15, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Tut Systems Inc. Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      VIVE Synergies Inc. Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Verilink Unknown

      Notified:  January 11, 2002 Updated: March 26, 2002

      Status

      Unknown

      Vendor Statement

          Verilink is aware of the CERT/CC advisory related to security
          vulnerabilities that may exist in network devices using SNMPv1 as the
          management protocol, issued February 12, 2002.  Verilink has implemented
          measures to assess which products may be affected by this advisory and is
          working closely with its customers to identify the impact and possible
          solutions.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Vixel Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Vpacket Communications Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Wailan Communications Inc. Unknown

      Notified:  January 10, 2002 Updated: January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Westell Technologies Inc Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Western Telematic Inc. Unknown

      Notified:  January 14, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Xspeed Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Yipes Unknown

      Updated:  January 10, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      Zman Tikshuv Ltd. Unknown

      Notified:  January 19, 2002 Updated: January 21, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      ZyXEL Unknown

      Notified:  January 12, 2002 Updated: January 14, 2002

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor Information

      The vendor has not provided us with any further information regarding this vulnerability.

      Addendum

      The CERT/CC has no additional comments at this time.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.

      View all 284 vendors View less vendors


      CVSS Metrics

      Group Score Vector
      Base
      Temporal
      Environmental

      References

      Acknowledgements

      The CERT Coordination Center thanks the Oulu University Secure Programming Group for reporting these vulnerabilities to us, for providing detailed technical analyses, and for assisting us in preparing this advisory. We also thank the many vendors who provided feedback regarding their respective vulnerabilities.

      This document was written by Ian A. Finlay.

      Other Information

      CVE IDs: CVE-2002-0012
      CERT Advisory: CA-2002-03
      Severity Metric: 69.26
      Date Public: 2002-02-12
      Date First Published: 2002-01-16
      Date Last Updated: 2007-11-07 18:25 UTC
      Document Revision: 50

      Sponsored by CISA.