The following message was sent to all SPECTRUM registered users by Aprisma on 2002-02-14. SPECTRUM is a network management tool (not entirely unlike Optivity) originally bundled with Cabletron LAN switches. ********************************************************************** Dear Customer, It has recently come to Aprisma’s attention that the Computer Emergency Response Team (CERT) has issued an advisory on February 12th regarding numerous vulnerabilities in multiple vendors' SNMP implementations. These vulnerabilities are applicable to SNMPv1 trap handling and SNMPv1 request handling. Continuing our ongoing endeavors to address your concerns as promptly as possible, Aprisma would like to assure you that we are performing tests on the SPECTRUM product suite to reveal any applicable issues. Our findings to date regarding the recent CERT advisory are as follows: CERT Advisory CA-2002-03 VU#854306 - Multiple Vulnerabilities in SNMPv1 Request Handling – This advisory is not applicable to SPECTRUM. SPECTRUM does not accept SNMP requests rather; SPECTRUM sends SNMP requests and process subsequent SNMP responses. CERT Advisory CA-2002-03 VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling – Although relevant to SPECTRUM, Aprisma’s preliminary testing has revealed no issues. We are currently conducting more in-depth tests a and will shortly convey our results. For additional information regarding CERT’s latest advisory, please visit www.cert.org. Upon completion of the testing process Aprisma will provide additional information. Thank you for your time and patience. Sincerely, Michael Skubisz President and CEO Aprisma Management Technologies
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 17:29:00 PST