SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco Wireless LAN Controller Vendors:   Cisco
(Cisco Issues Advisory for Cisco Wireless LAN Controller) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
SecurityTracker Alert ID:  1020344
SecurityTracker URL:  http://securitytracker.com/id/1020344
CVE Reference:   CVE-2008-0960   (Links to External Site)
Date:  Jun 21 2008
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.x, 4.x, 5.0.x, 5.1.x
Description:   A vulnerability was reported in Net-snmp. A remote user can bypass authentication. Cisco WLC is affected.

A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.

UCD-SNMP is also affected.

SNMPv1 and SNMPv2 are not affected.

Wes Hardaker reported this vulnerability.

Impact:   A remote user can bypass authentication.
Solution:   On June 20, 2008, Cisco updated their advisory to indicate that Cisco Wireless LAN Controller (WLC) is affected by this vulnerability. Cisco plans to issue a fix for WLC (5.2.x.x). The fix is to be available in August 2008.

The Cisco advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

Cause:   Authentication error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 10 2008 Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC