[Pkg-net-snmp-devel] Bug#485945: net-snmp: CVE-2008-0960 spoofing of authenticated SNMPv3 packets because of checking only one byte of HMAC value

Nico Golde nico at ngolde.de
Thu Jun 12 13:26:39 UTC 2008

Package: net-snmp
Severity: grave
Tags: security patch

the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.

| SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before, 5.3.x
| before, and 5.4.x before; (2) UCD-SNMP; (3) eCos; (4)
| Juniper Session and Resource Control (SRC) C-series 1.0.0 through
| 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and
| 7.3RC2; (6) SNMP Research before 16.2; and (7) multiple Cisco IOS,
| CatOS, ACE, and Nexus products; relies on the client to specify the
| HMAC length, which makes it easier for remote attackers to bypass SNMP
| authentication via a length value of 1, which only checks the first
| byte.

Upstream patch: http://sourceforge.net/tracker/download.php?group_id=12694&atid=456380&file_id=280776&aid=1989089

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960

Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-net-snmp-devel/attachments/20080612/fda57b2e/attachment.pgp 

More information about the Pkg-net-snmp-devel mailing list