(Juniper Issues Fix for SRC Modules) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
|
|
SecurityTracker Alert ID: 1020256 |
|
SecurityTracker URL: http://securitytracker.com/id/1020256
|
|
CVE Reference:
CVE-2008-0960
(Links to External Site)
|
Date: Jun 12 2008
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.0.0, 1.0.1, or 2.0.0
|
Description:
A vulnerability was reported in Net-snmp. A remote user can bypass authentication. Juniper's Session and Resource Control (SRC) modules are affected.
A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.
UCD-SNMP is also affected.
SNMPv1 and SNMPv2 are not affected.
Wes Hardaker reported this vulnerability.
|
Impact:
A remote user can bypass authentication.
|
Solution:
Juniper Networks Session and Resource Control appliances are affected. Versions 1.0.0, 1.0.1, or 2.0.0 on C-series appliances are vulnerable. The vendor has issued a fix, available from the Juniper Networks Customer Support Center.
|
Cause:
Authentication error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 11 Jun 2008 23:30:02 -0400
Subject: net-snmp
|
http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z
CVE-2008-0960
|
|
