SecurityTracker.com
Category:   Device (VoIP/Phone/FAX)  >   Ingate SIParator
Vendors:   Ingate Systems
(Ingate SIParator is Affected) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
SecurityTracker Alert ID:  1020272
SecurityTracker URL:  http://securitytracker.com/id/1020272
CVE Reference:   CVE-2008-0960
Date:  Jun 12 2008
Impact:   User access via network
Vendor Confirmed:  Yes  
Version(s): 3.1.0 and later versions
Description:   A vulnerability was reported in Net-snmp. A remote user can bypass authentication. Ingate SIParator is affected.

A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.

UCD-SNMP is also affected.

SNMPv1 and SNMPv2 are not affected.

Wes Hardaker reported this vulnerability.
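
An added example (not from this advisory, Ingate, or the Net-snmp source) modelling the defect class recorded for CVE-2008-0960, where the verifier lets the packet decide how many HMAC octets are compared, next to a check that enforces the 12-octet length RFC 3414 fixes for HMAC-MD5-96 and HMAC-SHA-96. The key, message bytes and function names are constructed for illustration.

```python
import hmac

USM_MAC_LEN = 12  # RFC 3414: HMAC-MD5-96 and HMAC-SHA-96 send exactly 12 octets


def usm_mac(auth_key: bytes, msg_zeroed: bytes, digest: str = "sha1") -> bytes:
    """HMAC over the whole message (auth field zero-filled), truncated to 96 bits."""
    return hmac.new(auth_key, msg_zeroed, digest).digest()[:USM_MAC_LEN]


def verify_trusting_sender_length(auth_key, msg_zeroed, received, digest="sha1"):
    """Flawed model: compares only as many octets as the packet supplied."""
    expected = usm_mac(auth_key, msg_zeroed, digest)
    return expected[:len(received)] == received


def verify_fixed_length(auth_key, msg_zeroed, received, digest="sha1"):
    """Hardened: the length is fixed by the protocol, the compare is constant-time."""
    if len(received) != USM_MAC_LEN:
        return False
    return hmac.compare_digest(usm_mac(auth_key, msg_zeroed, digest), received)


def demo():
    """Run both verifiers over constructed inputs; returns {case: (flawed, hardened)}."""
    key = bytes(range(20))                      # constructed localized auth key
    msg = b"constructed SNMPv3 message bytes"   # constructed, auth field zeroed
    good = usm_mac(key, msg)
    cases = {"full": good, "shortened": good[:2], "empty": b"", "wrong": bytes(12)}
    return {name: (verify_trusting_sender_length(key, msg, mac),
                   verify_fixed_length(key, msg, mac))
            for name, mac in cases.items()}


if __name__ == "__main__":
    for name, (flawed, hardened) in demo().items():
        print(f"{name:10} flawed={flawed!s:5} hardened={hardened}")
```

The hardened verifier accepts only the full 12-octet value; the flawed model also accepts the shortened and empty values because the comparison length comes from the sender.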

Impact:   A remote user can bypass authentication.
Solution:   Ingate SIParator is affected by this vulnerability. Ingate plans to issue a fix as part of the next regular release, due in Q3 2008.

Ingate has provided the following workaround [quoted]:

The problem can be mitigated by using the "Servers allowed to contact
the firewall via SNMP" setting, so that it is restricted to the IP
address(es) of your management station(s). This setting can restrict
access to a set of IP addresses and/or via a certain physical
interface.

The SNMP agent listens to a configurable interface on the Ingate
Firewall and SIParator. If a non-routeable IP address is used
attackers from the Internet cannot reach the SNMP agent.

It is also possible to turn off the SNMP agent, if you consider the
potential information leak to be more serious than the loss of
monitoring.

Cause:   Authentication error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Jun 10 2008 Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication



 Source Message Contents

Date:  Wed, 11 Jun 2008 16:16:57 +0200
Subject:  Ingate Firewall and SIParator affected by SNMPv3 vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Product: Ingate Firewall and SIParator
Versions: version 3.1.0 and newer
Tracking ID: 3854

Summary
=======

A vulnerability has been found in the SNMP implementation.  By using a
specially crafted SNMP version 3 package, an attacker can effectively
bypass the authentication of net-snmp.

By default, SNMP is disabled.  Only units where the SNMP subsystem has
been enabled and uses SNMPv3 are vulnerable to this issue.  All
related SNMP settings are available in the GUI on the tab Basic
Settings - SNMP.

Impact
======

An attacker can read configuration and status information from the
firewall.

Due to the way net-snmp is configured on the Ingate Firewall and
SIParator this vulnerability cannot be used to modify settings.

Mitigation
==========

The problem can be mitigated by using the "Servers allowed to contact
the firewall via SNMP" setting, so that it is restricted to the IP
address(es) of your management station(s).  This setting can restrict
access to a set of IP addresses and/or via a certain physical
interface.

The SNMP agent listens to a configurable interface on the Ingate
Firewall and SIParator.  If a non-routeable IP address is used
attackers from the Internet cannot reach the SNMP agent.

It is also possible to turn off the SNMP agent, if you consider the
potential information leak to be more serious than the loss of
monitoring.

Solution
========

Ingate currently plans to solve this issue in the next regular
release, due in Q3 2008.

More information
================

CVE Name: CVE-2008-0960
US-CERT: VU#878044

More information about this vulnerability is available from US-CERT at
http://www.kb.cert.org/vuls/id/878044

Further updates on this issue will be sent to our mailing list
http://lists.ingate.com/mailman/listinfo/productinfo

Further questions regarding this issue can be directed to
support@ingate.com.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFIT8jmTl5zjNKUYI4RAhWfAJ4163CTxBWY0/FwzDrU4SWIMZ9PMwCdHgf/
Klu237Hw7OBHfTRLLgjVhy8=
=cGPU
-----END PGP SIGNATURE-----


 
 



Copyright 2012, SecurityGlobal.net LLC