JPCERT-AT-2008-0011
JPCERT/CC
2008-06-11
<<< JPCERT/CC Alert 2008-06-11 >>>
SNMPv3 Authentication Bypass Vulnerability
http://www.jpcert.or.jp/at/2008/at080011.txt
I. Overview
An authentication bypass vulnerability has been found in multiple
products that implement SNMP (Simple Network Management Protocol)
version 3, a protocol commonly used to manage network devices. As a
result, device configuration information protected by the
authentication function may be disclosed, or a remote attacker may
change network device configurations.
II. Products Affected
Products such as Cisco products, Juniper products, NET-SNMP, and
UCD-SNMP have been found to be affected by this vulnerability when
they use the SNMPv3 authentication function.
For more information, refer to the following websites. For products
and systems not mentioned here, refer to each vendor's or
distributor's website.
Cisco Security Advisory:SNMP Version 3 Authentication
Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
NET-SNMP, UCD-SNMP
oCERT.org - oCERT Advisories
http://www.ocert.org/advisories/ocert-2008-006.html
III. Solution
Apply a patch provided by the vendors or distributors. For the
latest information about the patches, refer to CERT/CCs' or vendors'
websites below.
When application of a patch is difficult or an applicable patch has
not been released, workarounds are available. For example, it is
possible to restrict access to SNMP services using a packet filtering
function of a device such as a router.
(Although the port for SNMP service is usually 161/udp, it can vary
depending on the product.)
IV. References
JVNTA08-162A
SNMPv3 Authentication Bypass Vulnerability
http://jvn.jp/cert/JVNTA08-162A/index.html
JVNVU#878044
snmpv3 improper hmac validation allows authentication bypass
http://jvn.jp/cert/JVNVU878044/index.html
US-CERT Technical Cyber Security Alert TA08-162A
SNMPv3 Authentication Bypass Vulnerability
http://www.us-cert.gov/cas/techalerts/TA08-162A.html
vulnerability note vu#878044
snmpv3 improper hmac validation allows authentication bypass
http://www.kb.cert.org/vuls/id/878044
AusCERT - ESB-2008.0593 -
SNMP Version 3 Authentication Vulnerabilities
http://www.auscert.org.au/render.html?it=9422
Red Hat Support
net-snmp security update
https://rhn.redhat.com/errata/RHSA-2008-0529.html
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top