US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

         National Cyber Alert System

   Technical Cyber Security Alert TA08-162A


SNMPv3 Authentication Bypass Vulnerability

   Original release date: June 10, 2008
   Last revised: --
   Source: US-CERT


Systems Affected

     * Multiple Implementations of SNMPv3


Overview

   A  vulnerability in the way implementations of SNMPv3 handle specially
   crafted packets may allow authentication bypass.


I. Description

   The  Simple  Network  Management  Protocol (SNMP) is a widely deployed
   protocol  that is commonly used to monitor and manage network devices.
   SNMPv3  (  RFC  3410)  supports a user-based security model (RFC 3414)
   that incorporates security features such as authentication and privacy
   control.  Authentication  for  SNMPv3 is done using keyed-hash message
   authentication  code  (HMAC), a message authentication code calculated
   using  a cryptographic hash function in combination with a secret key.
   Implementations  of  SNMPv3  may  allow  a  shortened HMAC code in the
   authenticator field to authenticate to an agent or a trap daemon using
   a  minimum HMAC of one byte. Reducing the HMAC to one-byte HMAC makes
   brute-force  authentication  trivial.  This  issue  is known to affect
   Net-SNMP   and  UCD-SNMP.  Other  SNMP  implementations  may  also  be
   affected.


II. Impact

   This vulnerability allows attackers to read and modify any SNMP object
   that  can  be  accessed  using the authentication credentials that got
   them into the system. Attackers exploiting this vulnerability can view
   and  modify  the  configuration  of these devices. Attackers must gain
   access  using  credentials  with  write  privileges in order to modify
   configurations.


III. Solution

Upgrade

   Please consult your vendor for more information.

Apply a patch

   Net-SNMP  has  released  a  patch  to  address  this  issue.  For more
   information,  refer  to  SECURITY  RELEASE: Multiple Net-SNMP Versions
   Released. Users are encouraged to apply the patch as soon as possible.
   Note that patch should apply cleanly to UCD-snmp too.

Enable the SNMPv3 privacy subsystem

   The  configuration  should  be  modified  to enable the SNMPv3 privacy
   subsystem  to  encrypt the SNMPv3 traffic using a secret, private key.
   This  option does not encrypt the HMAC, but does minimize the possible
   affects from this vulnerability.


IV. References

     * RFC 3410 - <http://tools.ietf.org/html/rfc3410>

     * RFC 3414 - <http://tools.ietf.org/html/rfc3414>

     * SECURITY   RELEASE:   Multiple   Net-SNMP   Versions   Released  -
       <http://sourceforge.net/forum/forum.php?forum_id=833770 >

     * US-CERT Vulnerability Note -
       <http://www.kb.cert.org/vuls/id/878044>
 
 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA08-162A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA08-162A Feedback VU#878044" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2008 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


   Revision History

   June 10 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSE6Wv3IHljM+H4irAQI5GQgAm31aOF6lk2Gsur4fcrG5US7bIFpo8ydi
5zhopMQAabueJkHlRk8yOAHjtT/oTTIATTqhHIOStIAenR1XJ7GDA0YS2MBMu34Y
9tSH0uValQsOxAscalR9sCwPbdKQRScp+KTW9/W1qwadsqrJ2fe6J4Mh1zePWONg
EPmj0ZzLDDiAA6kaBq90Pcwfl8sS8muSwatyF68CVlX2A8i87rvn/bH8efwWT0ps
dDcyba7NMbVJ2TgtJ99a7cL9AwKrZZqptnc8aAqjXQwi9H9LsS/k5MMIMvffkqc3
TA3Igt9DjuCbkYvPCaTyJrNZKvFj92h9nVD7cL8f3Ofu888rakJI0A==
=yTkQ
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux