Name:
SNMP.HMAC.Validation.Authentication.Bypass
Released Date:
Jun 16 2008
Severity:
high
CVE:
2008-0960
Bugtraq:
29623

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit an authentication-bypass vulnerability in the SNMPv3 software implementation.

The vulnerability is caused by an error when the vulnerable software handles a crafted SNMPv3 HMAC authenticator field. It allows a remote attacker to gain read/write access to these vulnerable systems.
 
Impact
Security Bypass: Remote attackers can bypass security checking of vulnerable systems.
 
Affected Products
Net-SNMP Net-SNMP 5.2.4
Net-SNMP Net-SNMP 5.3.2
Net-SNMP Net-SNMP 5.4.1
Aliases
References
http://www.securityfocus.com/bid/29623
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0960
http://milw0rm.org/exploits/5790
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
http://www.kb.cert.org/vuls/id/878044
Recommended Actions
Upgrade to the latest version/firmware, available from the vendor's site.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED