SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Net-snmp Vendors:   net-snmp.sourceforge.net
Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
SecurityTracker Alert ID:  1020218
SecurityTracker URL:  http://securitytracker.com/id/1020218
CVE Reference:   CVE-2008-0960   (Links to External Site)
Date:  Jun 10 2008
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.0 and later versions
Description:   A vulnerability was reported in Net-snmp. A remote user can bypass authentication.

A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.

UCD-SNMP is also affected.

SNMPv1 and SNMPv2 are not affected.

Wes Hardaker reported this vulnerability.

Impact:   A remote user can bypass authentication.
Solution:   The vendor has issued a fixed version (5.4.1.1).

The vendor's advisory is available at:

http://sourceforge.net/forum/forum.php?forum_id=833770

Vendor URL:  sourceforge.net/forum/forum.php?forum_id=833770 (Links to External Site)
Cause:   Authentication error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 10 2008 (Red Hat Issues Fix) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3, 4, and 5.
Jun 10 2008 (Cisco Issues Fix for IOS) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco IOS and IOS-XR are affected.
Jun 10 2008 (Cisco Issues Fix for CatOS) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has issued a fix for CatOS.
Jun 10 2008 (Cisco Issues Fix for Cisco ACE) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has issued a fix for Cisco ACE.
Jun 10 2008 (Cisco Issues Fix for Cisco MDS) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has issued a fix for Cisco MDS.
Jun 12 2008 (Juniper Issues Fix for SRC Modules) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
Juniper Networks Session and Resource Control (SRC) modules are affected.
Jun 12 2008 (Ingate Firewall is Affected) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (Per Cederqvist <ceder@ingate.com>)
Ingate Firewall is affected.
Jun 12 2008 (Ingate SIParator is Affected) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (Per Cederqvist <ceder@ingate.com>)
Ingate SIParator is affected.
Jun 13 2008 (Sun Issues ISRs) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
Sun has issued ISRs for Solaris 10.
Jun 21 2008 (Cisco Issues Advisory for Cisco Wireless LAN Controller) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
Cisco WLC is affected.
Jul 1 2008 (Apple Issues Fix for Mac OS X) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
Apple has issued a fix for Mac OS X.
Aug 13 2008 (VMware Issues Fix for ESX) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (security-announce@lists.vmware.com)
VMware issues fix for ESX Server.
Oct 31 2008 (VMware Issues Fix for ESX) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication   (VMware Security Announcements <security-announce@lists.vmware.com>)
VMware has issued a fix for ESX.



 Source Message Contents

Date:  Tue, 10 Jun 2008 12:52:57 -0400
Subject:  Net-SNMP


http://sourceforge.net/forum/forum.php?forum_id=833770

CVE-2008-0960
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC