(Cisco Issues Advisory for Cisco Wireless LAN Controller) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
|
|
SecurityTracker Alert ID: 1020344 |
|
SecurityTracker URL: http://securitytracker.com/id/1020344
|
|
CVE Reference:
CVE-2008-0960
(Links to External Site)
|
Date: Jun 21 2008
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.x, 4.x, 5.0.x, 5.1.x
|
Description:
A vulnerability was reported in Net-snmp. A remote user can bypass authentication. Cisco WLC is affected.
A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.
UCD-SNMP is also affected.
SNMPv1 and SNMPv2 are not affected.
Wes Hardaker reported this vulnerability.
|
Impact:
A remote user can bypass authentication.
|
Solution:
On June 20, 2008, Cisco updated their advisory to indicate that Cisco Wireless LAN Controller (WLC) is affected by this vulnerability. Cisco plans to issue a fix for WLC (5.2.x.x). The fix is to be available in August 2008.
The Cisco advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
|
Cause:
Authentication error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 20 Jun 2008 20:30:31 -0400
Subject: http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
|
CVE-2008-0960
|
|
