exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Technical Cyber Security Alert 2008-162A

Technical Cyber Security Alert 2008-162A
Posted Jun 10, 2008
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA08-162A - A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. This vulnerability allows attackers to read and modify any SNMP object that can be accessed using the authentication credentials that got them into the system. Attackers exploiting this vulnerability can view and modify the configuration of these devices. Attackers must gain access using credentials with write privileges in order to modify configurations.

tags | advisory
SHA-256 | c774a0ecc4a334f585e09233f1611a7322c449efc17a175953032741869d2d0f

Technical Cyber Security Alert 2008-162A

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-162A


SNMPv3 Authentication Bypass Vulnerability

Original release date: June 10, 2008
Last revised: --
Source: US-CERT


Systems Affected

* Multiple Implementations of SNMPv3


Overview

A vulnerability in the way implementations of SNMPv3 handle specially
crafted packets may allow authentication bypass.


I. Description

The Simple Network Management Protocol (SNMP) is a widely deployed
protocol that is commonly used to monitor and manage network devices.
SNMPv3 ( RFC 3410) supports a user-based security model (RFC 3414)
that incorporates security features such as authentication and privacy
control. Authentication for SNMPv3 is done using keyed-hash message
authentication code (HMAC), a message authentication code calculated
using a cryptographic hash function in combination with a secret key.
Implementations of SNMPv3 may allow a shortened HMAC code in the
authenticator field to authenticate to an agent or a trap daemon using
a minimum HMAC of one byte. Reducing the HMAC to one-byte HMAC makes
brute-force authentication trivial. This issue is known to affect
Net-SNMP and UCD-SNMP. Other SNMP implementations may also be
affected.


II. Impact

This vulnerability allows attackers to read and modify any SNMP object
that can be accessed using the authentication credentials that got
them into the system. Attackers exploiting this vulnerability can view
and modify the configuration of these devices. Attackers must gain
access using credentials with write privileges in order to modify
configurations.


III. Solution

Upgrade

Please consult your vendor for more information.

Apply a patch

Net-SNMP has released a patch to address this issue. For more
information, refer to SECURITY RELEASE: Multiple Net-SNMP Versions
Released. Users are encouraged to apply the patch as soon as possible.
Note that patch should apply cleanly to UCD-snmp too.

Enable the SNMPv3 privacy subsystem

The configuration should be modified to enable the SNMPv3 privacy
subsystem to encrypt the SNMPv3 traffic using a secret, private key.
This option does not encrypt the HMAC, but does minimize the possible
affects from this vulnerability.


IV. References

* RFC 3410 - <https://tools.ietf.org/html/rfc3410>

* RFC 3414 - <https://tools.ietf.org/html/rfc3414>

* SECURITY RELEASE: Multiple Net-SNMP Versions Released -
<https://sourceforge.net/forum/forum.php?forum_id=833770 >

* US-CERT Vulnerability Note -
<https://www.kb.cert.org/vuls/id/878044>

____________________________________________________________________

The most recent version of this document can be found at:

<https://www.us-cert.gov/cas/techalerts/TA08-162A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-162A Feedback VU#878044" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <https://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<https://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History

June 10 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSE6Wv3IHljM+H4irAQI5GQgAm31aOF6lk2Gsur4fcrG5US7bIFpo8ydi
5zhopMQAabueJkHlRk8yOAHjtT/oTTIATTqhHIOStIAenR1XJ7GDA0YS2MBMu34Y
9tSH0uValQsOxAscalR9sCwPbdKQRScp+KTW9/W1qwadsqrJ2fe6J4Mh1zePWONg
EPmj0ZzLDDiAA6kaBq90Pcwfl8sS8muSwatyF68CVlX2A8i87rvn/bH8efwWT0ps
dDcyba7NMbVJ2TgtJ99a7cL9AwKrZZqptnc8aAqjXQwi9H9LsS/k5MMIMvffkqc3
TA3Igt9DjuCbkYvPCaTyJrNZKvFj92h9nVD7cL8f3Ofu888rakJI0A==
=yTkQ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close