Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.
441f25adda0431138b869fe47b92dd9f38cbd70f4168c9c28f03b0901f514c65Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8fVMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
9b95b2eac411ccf8ddbae9b70391be0685aa4158605a231698472c0a4d751e09VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.
b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221Gentoo Linux Security Advisory GLSA 200808-02 - Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). Versions less than 5.4.1.1 are affected.
e6d84d1323e43ba022aac84c3b0081e045f00b8ba2c02b9bb6b8aecdf785ce53SUSE Security Announcement - The net-snmp daemon implements the "simple network management protocol". The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).
51fa484aec92b65802091658bdf77bf9d1215aabe8811a2e23ba90cb8d51ba16Mandriva Linux Security Advisory - A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet. A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent.
babeada070a56962e37934c5b40607987158dc8d74b1ca5546b1d998b792993cSNMPv3 HMAC validation error remote authentication bypass exploit.
92710090b7bafba96ab29015afb2d6cf4a243ec3a921c0b60182a8d8ffbdfd78Cisco Security Advisory - Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
2bf5fae72a18d3fef99f69e4751a6ba0f8f6e59a2409a2de83e53853792406e5Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets. Net-SNMP versions equal and below 5.4.1, 5.3.2, and 5.2.4 are affected. All versions of eCos and UCD-SNMP are affected.
ff4e903a00dd6d273a0bb7e2abb1a38e4e9b9f70707af856d4c0989f041b050e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed