SecurityTracker.com Archives - Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Net-snmp

Vendors: net-snmp.sourceforge.net

Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication

SecurityTracker Alert ID: 1020218

SecurityTracker URL: http://securitytracker.com/id?1020218

CVE Reference: CVE-2008-0960 (Links to External Site)

Date: Jun 10 2008

Impact: User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 4.0 and later versions

Description: A vulnerability was reported in Net-snmp. A remote user can bypass authentication.

A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.

UCD-SNMP is also affected.

SNMPv1 and SNMPv2 are not affected.

Wes Hardaker reported this vulnerability.

Impact: A remote user can bypass authentication.

Solution: The vendor has issued a fixed version (5.4.1.1).

The vendor's advisory is available at:

http://sourceforge.net/forum/forum.php?forum_id=833770

Vendor URL: sourceforge.net/forum/forum.php?forum_id=833770 (Links to External Site)

Cause: Authentication error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Jun 10 2008	(Red Hat Issues Fix) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 3, 4, and 5.
Jun 10 2008	(Cisco Issues Fix for IOS) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>) Cisco IOS and IOS-XR are affected.
Jun 10 2008	(Cisco Issues Fix for CatOS) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>) Cisco has issued a fix for CatOS.
Jun 10 2008	(Cisco Issues Fix for Cisco ACE) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>) Cisco has issued a fix for Cisco ACE.
Jun 10 2008	(Cisco Issues Fix for Cisco MDS) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>) Cisco has issued a fix for Cisco MDS.
Jun 12 2008	(Juniper Issues Fix for SRC Modules) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication Juniper Networks Session and Resource Control (SRC) modules are affected.
Jun 12 2008	(Ingate Firewall is Affected) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (Per Cederqvist <ceder@ingate.com>) Ingate Firewall is affected.
Jun 12 2008	(Ingate SIParator is Affected) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (Per Cederqvist <ceder@ingate.com>) Ingate SIParator is affected.
Jun 13 2008	(Sun Issues ISRs) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication Sun has issued ISRs for Solaris 10.
Jun 21 2008	(Cisco Issues Advisory for Cisco Wireless LAN Controller) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication Cisco WLC is affected.
Jul 1 2008	(Apple Issues Fix for Mac OS X) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication Apple has issued a fix for Mac OS X.
Aug 13 2008	(VMware Issues Fix for ESX) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (security-announce@lists.vmware.com) VMware issues fix for ESX Server.
Oct 31 2008	(VMware Issues Fix for ESX) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication (VMware Security Announcements <security-announce@lists.vmware.com>) VMware has issued a fix for ESX.

Source Message Contents

Date: Tue, 10 Jun 2008 12:52:57 -0400
Subject: Net-SNMP

 
 
http://sourceforge.net/forum/forum.php?forum_id=833770
 
CVE-2008-0960

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC