(Sun Issues ISRs) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
|
|
SecurityTracker Alert ID: 1020284 |
|
SecurityTracker URL: http://securitytracker.com/id/1020284
|
|
CVE Reference:
CVE-2008-0960
(Links to External Site)
|
Date: Jun 13 2008
|
Impact:
User access via network
|
Vendor Confirmed: Yes
|
Version(s): 4.0 and later versions
|
Description:
A vulnerability was reported in Net-snmp. A remote user can bypass authentication.
A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.
UCD-SNMP is also affected.
SNMPv1 and SNMPv2 are not affected.
Wes Hardaker reported this vulnerability.
|
Impact:
A remote user can bypass authentication.
|
Solution:
Sun has issued the following Interim Security Relief (ISRs), available at:
http://sunsolve.sun.com/tpatches for the following releases:
SPARC Platform
* Solaris 10 IDR138540-01
x86 Platform
* Solaris 10 IDR138541-01
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238865-1
|
Vendor URL: sourceforge.net/forum/forum.php?forum_id=833770 (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 13 Jun 2008 17:45:56 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238865-1
|
CVE-2008-0960
|
|
