Concerning CERT Advisory notification regarding VU#854306, VU#107186, and OUSPG#0100:
DMH Software applied the OULU university test suite to its various portable snmp-agent products: SNMPv1, SNMPv2c and SNMPv3.
We found that the releases below and later releases of DMH portable snmp-agent products are NOT vulnerable to CERT vulnerability advisory VU#854306 (Multiple vulnerabilities in SNMPv1 request handling)
| Product | Release | Date |
|---|---|---|
| SNMPv1 Agent | 2.0.9.1 | Apr 9 2002 |
| SNMPv2c Agent | 3.0.5.3 | May 31 2002 |
| SNMPv3 Agent | 4.0.8.2 | Feb 13 2002 |
The above releases, and newer releases, are currently available for our customers. We strongly recommend our customers to contact us to obtain an upgrade and update their source code.
Please note that we received feedback from some of our customers who reported that previous releases of DMH snmp-agent products were tested and found not vulnerable to VU#107186. Nevertheless we recommend an upgrade to the current releases.