Vulnerability Note VU#878044
SNMPv3 improper HMAC validation allows authentication bypass
A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass.
SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and privacy control among other features. Authentication for SNMPv3 is done using keyed-Hash Message Authentication Code (HMAC), a message authentication code calculated using a cryptographic hash function in combination with a secret key. Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte.
This issue is known to affect Net-SNMP and UCD-SNMP. Other SNMP implementations may also be affected.
This vulnerability allows attackers to read and modify any SNMP object that can be accessed by the impersonated user. Attackers exploiting this vulnerability can view and modify the configuration of these devices.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|eCosCentric||Affected||-||13 Jun 2008|
|Extreme Networks||Affected||20 May 2008||22 Apr 2009|
|Global Technology Associates||Affected||20 May 2008||16 Jul 2009|
|Internet Initiative Japan||Affected||-||19 Jun 2008|
|Juniper Networks, Inc.||Affected||20 May 2008||09 Jun 2008|
|netsnmp||Affected||16 May 2008||10 Jun 2008|
|Network Appliance, Inc.||Affected||20 May 2008||04 Jun 2008|
|Red Hat, Inc.||Affected||20 May 2008||06 Jun 2008|
|SNMP Research||Affected||-||06 Jun 2008|
|Sun Microsystems, Inc.||Affected||20 May 2008||16 Jun 2008|
|AdventNet Inc.||Not Affected||13 Jun 2008||18 Jun 2008|
|Computer Associates||Not Affected||20 May 2008||20 Jun 2008|
|Computer Associates eTrust Security Management||Not Affected||20 May 2008||20 Jun 2008|
|Force10 Networks, Inc.||Not Affected||20 May 2008||12 Jun 2008|
|Fortinet, Inc.||Not Affected||20 May 2008||27 May 2008|
CVSS Metrics (Learn More)
This issue was reported by Wes Hardaker at Net-SNMP. Thanks also to Jeff Case of SNMP Research and oCERT .
This document was written by Chris Taschner and David Warren.
- CVE IDs: CVE-2008-0960
- US-CERT Alert: TA08-162A
- Date Public: 31 May 2008
- Date First Published: 10 Jun 2008
- Date Last Updated: 16 Jul 2009
- Severity Metric: 7.56
- Document Revision: 36
If you have feedback, comments, or additional information about this vulnerability, please send us email.