Executive Summary
Summary | |
---|---|
Title | SNMPv3 Authentication Bypass Vulnerability |
Informations | |||
---|---|---|---|
Name | TA08-162A | First vendor Publication | 2008-06-10 |
Vendor | US-CERT | Last vendor Modification | 2008-06-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. I. Description The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. II. Impact This vulnerability allows attackers to read and modify any SNMP object that can be accessed using the authentication credentials that got them into the system. Attackers exploiting this vulnerability can view and modify the configuration of these devices. Attackers must gain access using credentials with write privileges in order to modify configurations. III. Solution Upgrade Please consult your vendor for more information. Apply a patch Net-SNMP has released a patch to address this issue. For more information, refer to SECURITY RELEASE: Multiple Net-SNMP Versions Released. Users are encouraged to apply the patch as soon as possible. Enable the SNMPv3 privacy subsystem The configuration should be modified to enable the SNMPv3 privacy subsystem to encrypt the SNMPv3 traffic using a secret, private key. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA08-162A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10820 | |||
Oval ID: | oval:org.mitre.oval:def:10820 | ||
Title: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22388 | |||
Oval ID: | oval:org.mitre.oval:def:22388 | ||
Title: | ELSA-2008:0529: net-snmp security update (Moderate) | ||
Description: | Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0529-01 CVE-2008-2292 CVE-2008-0960 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | net-snmp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5785 | |||
Oval ID: | oval:org.mitre.oval:def:5785 | ||
Title: | Multiple Vendors Net-SNMPv3 Hash Message Authentication Code Design Error Vulnerability | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6414 | |||
Oval ID: | oval:org.mitre.oval:def:6414 | ||
Title: | Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 |
ExploitDB Exploits
id | Description |
---|---|
2008-06-12 | SNMPv3 HMAC validation error Remote Authentication Bypass Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for net-snmp File : nvt/sles10_net-snmp1.nasl |
2009-10-10 | Name : SLES9: Security update for net-snmp File : nvt/sles9p5031860.nasl |
2009-04-09 | Name : Mandriva Update for net-snmp MDVSA-2008:118 (net-snmp) File : nvt/gb_mandriva_MDVSA_2008_118.nasl |
2009-03-23 | Name : Ubuntu Update for net-snmp vulnerabilities USN-685-1 File : nvt/gb_ubuntu_USN_685_1.nasl |
2009-03-06 | Name : RedHat Update for ucd-snmp RHSA-2008:0528-01 File : nvt/gb_RHSA-2008_0528-01_ucd-snmp.nasl |
2009-03-06 | Name : RedHat Update for net-snmp RHSA-2008:0529-01 File : nvt/gb_RHSA-2008_0529-01_net-snmp.nasl |
2009-02-27 | Name : CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386 File : nvt/gb_CESA-2008_0528-01_ucd-snmp_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos3 i386 File : nvt/gb_CESA-2008_0529_net-snmp_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos3 x86_64 File : nvt/gb_CESA-2008_0529_net-snmp_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos4 i386 File : nvt/gb_CESA-2008_0529_net-snmp_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos4 x86_64 File : nvt/gb_CESA-2008_0529_net-snmp_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5224 File : nvt/gb_fedora_2008_5224_net-snmp_fc7.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9367 File : nvt/gb_fedora_2008_9367_net-snmp_fc9.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9362 File : nvt/gb_fedora_2008_9362_net-snmp_fc8.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5218 File : nvt/gb_fedora_2008_5218_net-snmp_fc8.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5215 File : nvt/gb_fedora_2008_5215_net-snmp_fc9.nasl |
2009-01-23 | Name : SuSE Update for net-snmp SUSE-SA:2008:039 File : nvt/gb_suse_2008_039.nasl |
2008-11-19 | Name : Debian Security Advisory DSA 1663-1 (net-snmp) File : nvt/deb_1663_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-02 (net-snmp) File : nvt/glsa_200808_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-210-07 net-snmp File : nvt/esoft_slk_ssa_2008_210_07.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55248 | HP OpenView SNMP Emanate Master Agent HMAC Authentication SNMPv3 Authenticati... |
46669 | Apple Mac OS X HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46276 | Solaris snmpd(1M) HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46102 | Ingate Firewall/SIParator HMAC Authentication SNMPv3 Authentication Packet Sp... |
46088 | Juniper Multiple Appliances HMAC Authentication SNMPv3 Authentication Packet ... |
46086 | Cisco Multiple Products HMAC Authentication SNMPv3 Authentication Packet Spoo... |
46060 | UCD-SNMP HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46059 | Net-SNMP HMAC Authentication SNMPv3 Authentication Packet Spoofing |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-11-06 | IAVM : 2008-B-0078 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0017874 |
2008-06-19 | IAVM : 2008-T-0026 - SNMP Remote Authentication Bypass Vulnerability Severity : Category I - VMSKEY : V0016046 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Vendors SNMPv3 HMAC handling authentication bypass attempt RuleID : 17699 - Revision : 3 - Type : PROTOCOL-SNMP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8939.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3-iosxr.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2013-05-31 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3-nxos.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080610_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3http.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39886.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39887.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12204.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The SNMP server running on this host is affected by an authentication bypass ... File : snmpv3_authentication_bypass.nasl - Type : ACT_ATTACK |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0017.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0013.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libsnmp15-080706.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-118.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-685-1.nasl - Type : ACT_GATHER_INFO |
2008-11-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1663.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9367.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9362.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-02.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_net-snmp-5422.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote openSUSE host is missing a security update. File : suse_libsnmp15-5418.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-07.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5215.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5218.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5224.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0528.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote host is missing Sun Security Patch number 120273-42 File : solaris10_x86_120273.nasl - Type : ACT_GATHER_INFO |
2007-05-20 | Name : The remote host is missing Sun Security Patch number 120272-40 File : solaris10_120272.nasl - Type : ACT_GATHER_INFO |