(Apple Issues Fix for Mac OS X) Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication
|
|
SecurityTracker Alert ID: 1020396 |
|
SecurityTracker URL: http://securitytracker.com/id/1020396
|
|
CVE Reference:
CVE-2008-0960
(Links to External Site)
|
Date: Jul 1 2008
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0 and later versions
|
Description:
A vulnerability was reported in Net-snmp. A remote user can bypass authentication.
A remote user can send an SNMPv3 packet with a specially crafted Hash Message Authentication Code (HMAC) value to bypass the authentication function. The user can read and modify SNMP objects with the privileges of the target user.
UCD-SNMP is also affected.
SNMPv1 and SNMPv2 are not affected.
Wes Hardaker reported this vulnerability.
|
Impact:
A remote user can bypass authentication.
|
Solution:
Apple has issued a fix for Mac OS X (Security Update 2008-004 and Mac OS X 10.5.4), which can be downloaded and installed via Software Update preferences, or from Apple Downloads at:
http://www.apple.com/support/downloads/
The vendor's advisory is available at:
http://support.apple.com/kb/HT2163
|
Vendor URL: sourceforge.net/forum/forum.php?forum_id=833770 (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
