Date: Thu, 14 Feb 2002 16:16:48 -0500
From:
To: [email protected]Subject: Aprisma Response to CERT Advisory
The following message was sent to all SPECTRUM registered users by
Aprisma on 2002-02-14. SPECTRUM is a network management tool (not
entirely unlike Optivity) originally bundled with Cabletron LAN switches.
**********************************************************************
Dear Customer,
It has recently come to Aprisma=92s attention that the Computer Emergency =
Response Team (CERT) has issued an advisory on February 12th regarding num=
erous vulnerabilities in multiple vendors' SNMP implementations. These vu=
lnerabilities are applicable to SNMPv1 trap handling and SNMPv1 request
handling.
Continuing our ongoing endeavors to address your concerns as promptly as p=
ossible, Aprisma would like to assure you that we are performing tests on =
the SPECTRUM product suite to reveal any applicable issues. Our findings =
to date regarding the recent CERT advisory are as follows:
CERT Advisory CA-2002-03
VU#854306 - Multiple Vulnerabilities in SNMPv1 Request Handling =96 This a=
dvisory is not applicable to SPECTRUM. SPECTRUM does not accept SNMP requ=
ests rather; SPECTRUM sends SNMP requests and process subsequent SNMP resp=
onses.
CERT Advisory CA-2002-03
VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling =96 Although =
relevant to SPECTRUM, Aprisma=92s preliminary testing has revealed no issu=
es. We are currently conducting more in-depth tests a
and will shortly convey our results.
For additional information regarding CERT=92s latest advisory, please visi=
t www.cert.org.
Upon completion of the testing process Aprisma will provide additional inf=
ormation.
Thank you for your time and patience.
Sincerely,
Michael Skubisz
President and CEO
Aprisma Management Technologies
