what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2008-0960

Status Candidate

Overview

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

Related Files

Ubuntu Security Notice 685-1
Posted Dec 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.

tags | advisory, remote, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | 441f25adda0431138b869fe47b92dd9f38cbd70f4168c9c28f03b0901f514c65
Debian Linux Security Advisory 1663-1
Posted Nov 9, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8f
VMware Security Advisory 2008-0017
Posted Oct 31, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
advisories | CVE-2008-3281, CVE-2008-0960, CVE-2008-2327
SHA-256 | 9b95b2eac411ccf8ddbae9b70391be0685aa4158605a231698472c0a4d751e09
VMware Security Advisory 2008-0013
Posted Aug 13, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.

tags | advisory, perl, vulnerability
advisories | CVE-2007-3108, CVE-2007-5135, CVE-2008-2292, CVE-2008-0960, CVE-2008-1927
SHA-256 | b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221
Gentoo Linux Security Advisory 200808-2
Posted Aug 6, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-02 - Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). Versions less than 5.4.1.1 are affected.

tags | advisory, overflow, perl
systems | linux, gentoo
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | e6d84d1323e43ba022aac84c3b0081e045f00b8ba2c02b9bb6b8aecdf785ce53
SUSE-SA-2008-039.txt
Posted Aug 1, 2008
Site suse.com

SUSE Security Announcement - The net-snmp daemon implements the "simple network management protocol". The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).

tags | advisory, local, protocol
systems | linux, suse
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | 51fa484aec92b65802091658bdf77bf9d1215aabe8811a2e23ba90cb8d51ba16
Mandriva Linux Security Advisory 2008-118
Posted Jun 21, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet. A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent.

tags | advisory, overflow, perl, spoof
systems | linux, mandriva
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | babeada070a56962e37934c5b40607987158dc8d74b1ca5546b1d998b792993c
snmpv3_exp.tgz
Posted Jun 13, 2008
Authored by Maurizio Agazzini | Site lab.mediaservice.net

SNMPv3 HMAC validation error remote authentication bypass exploit.

tags | exploit, remote
advisories | CVE-2008-0960
SHA-256 | 92710090b7bafba96ab29015afb2d6cf4a243ec3a921c0b60182a8d8ffbdfd78
Cisco Security Advisory 20080610-snmpv3
Posted Jun 11, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

tags | advisory, vulnerability, protocol
systems | cisco
advisories | CVE-2008-0960
SHA-256 | 2bf5fae72a18d3fef99f69e4751a6ba0f8f6e59a2409a2de83e53853792406e5
snmp-spoof.txt
Posted Jun 11, 2008
Authored by Andrea Barisani | Site ocert.org

Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets. Net-SNMP versions equal and below 5.4.1, 5.3.2, and 5.2.4 are affected. All versions of eCos and UCD-SNMP are affected.

tags | advisory, spoof
advisories | CVE-2008-0960
SHA-256 | ff4e903a00dd6d273a0bb7e2abb1a38e4e9b9f70707af856d4c0989f041b050e
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close