Aprisma Response to CERT Advisory

  The following message was sent to all SPECTRUM registered users by
Aprisma on 2002-02-14.   SPECTRUM is a network management tool (not
entirely unlike Optivity) originally bundled with Cabletron LAN switches.

**********************************************************************

Dear Customer,

It has recently come to Aprisma’s attention that the Computer Emergency Response Team (CERT) has issued an advisory on 
February 12th regarding numerous vulnerabilities in multiple vendors' SNMP implementations.  These vulnerabilities are 
applicable to SNMPv1 trap handling and SNMPv1 request
handling.

Continuing our ongoing endeavors to address your concerns as promptly as possible, Aprisma would like to assure you 
that we are performing tests on the SPECTRUM product suite to reveal any applicable issues.  Our findings to date 
regarding the recent CERT advisory are as follows:

CERT Advisory CA-2002-03
VU#854306 - Multiple Vulnerabilities in SNMPv1 Request Handling – This advisory is not applicable to SPECTRUM.  
SPECTRUM does not accept SNMP requests rather; SPECTRUM sends SNMP requests and process subsequent SNMP responses.

CERT Advisory CA-2002-03
VU#107186 - Multiple Vulnerabilities in SNMPv1 Trap Handling – Although relevant to SPECTRUM, Aprisma’s preliminary 
testing has revealed no issues.  We are currently conducting more in-depth tests a
and will shortly convey our results.

For additional information regarding CERT’s latest advisory, please visit www.cert.org.

Upon completion of the testing process Aprisma will provide additional information.

Thank you for your time and patience.

Sincerely,

Michael Skubisz
President and CEO
Aprisma Management Technologies