SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Net-snmp Vendors:   net-snmp.sourceforge.net
(Sun Issues ISRs) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
SecurityTracker Alert ID:  1020284
SecurityTracker URL:  http://securitytracker.com/id/1020284
CVE Reference:   CVE-2008-0960   (Links to External Site)
Date:  Jun 13 2008
Impact:   User access via network
Vendor Confirmed:  Yes  
Version(s): 4.0 and later versions
Description:   A vulnerability was reported in Net-snmp. A remote user can bypass authentication.

A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.

UCD-SNMP is also affected.

SNMPv1 and SNMPv2 are not affected.

Wes Hardaker reported this vulnerability.

Impact:   A remote user can bypass authentication.
Solution:   Sun has issued the following Interim Security Relief (ISRs), available at:

http://sunsolve.sun.com/tpatches for the following releases:

SPARC Platform

* Solaris 10 IDR138540-01

x86 Platform

* Solaris 10 IDR138541-01

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238865-1

Vendor URL:  sourceforge.net/forum/forum.php?forum_id=833770 (Links to External Site)
Cause:   Authentication error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  10

Message History:   This archive entry is a follow-up to the message listed below.
Jun 10 2008 Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC