Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2008-0960

Published: 10/06/2008 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Catos

Vulnerability Summary

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x prior to 5.2.4.1, 5.3.x prior to 5.3.2.1, and 5.4.x prior to 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 up to and including 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research prior to 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote malicious users to bypass SNMP authentication via a length value of 1, which only checks the first byte.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

juniper session_and_resource_control 2.0

juniper src_pe 1.0

juniper session_and_resource_control 1.0

juniper src_pe 2.0

Vendor Advisories

Debian CVElist Bug Report Logs: net-snmp: CVE-2008-0960 spoofing of authenticated SNMPv3 packets because only length of HMAC code is is taken into account for checks
Debian Bug report logs - #485945 net-snmp: CVE-2008-0960 spoofing of authenticated SNMPv3 packets because only length of HMAC code is is taken into account for checks Package: net-snmp; Maintainer for net-snmp is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Reported by: Nico Golde <nico@ngoldede&g ...
Ubuntu Security Notice: net-snmp vulnerabilities
Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user’s views without a valid authentication passphrase (CVE-2008-0960) ...
Debian Security Advisories: DSA-1663-1 net-snmp -- several vulnerabilities
Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0960 Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofin ...
Cisco: SNMP Version 3 Authentication Vulnerabilities
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature These vulnerabilities can be exploited when processing a malformed SNMPv3 message These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configurati ...

Exploits

Exploit DB: SNMPv3 - HMAC Validation error Remote Authentication Bypass
############################################################################# # # # snmpv3_expsh exploit the vulnerability described in CVE-2008-0960, the # # HMAC check problem (on multiple vendor) # # ...

References

CWE-287http://www.openwall.com/lists/oss-security/2008/06/09/1http://www.ocert.org/advisories/ocert-2008-006.htmlhttp://sourceforge.net/forum/forum.php?forum_id=833770http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380http://www.kb.cert.org/vuls/id/CTAR-7FBS8Qhttp://www.kb.cert.org/vuls/id/MIMG-7ETS5Zhttp://www.kb.cert.org/vuls/id/MIMG-7ETS87https://bugzilla.redhat.com/show_bug.cgi?id=447974http://rhn.redhat.com/errata/RHSA-2008-0528.htmlhttp://www.kb.cert.org/vuls/id/878044http://www.securityfocus.com/bid/29623http://secunia.com/advisories/30574http://secunia.com/advisories/30596http://www.us-cert.gov/cas/techalerts/TA08-162A.htmlhttp://secunia.com/advisories/31334http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.htmlhttp://secunia.com/advisories/30647http://support.apple.com/kb/HT2163http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://secunia.com/advisories/30648http://secunia.com/advisories/31467http://www.mandriva.com/security/advisories?name=MDVSA-2008:118https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.htmlhttp://www.vmware.com/security/advisories/VMSA-2008-0013.htmlhttp://secunia.com/advisories/30802http://secunia.com/advisories/30665http://secunia.com/advisories/31351http://lists.ingate.com/pipermail/productinfo/2008/000021.htmlhttp://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtmlhttps://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.htmlhttp://secunia.com/advisories/30626http://security.gentoo.org/glsa/glsa-200808-02.xmlhttp://secunia.com/advisories/31568http://support.avaya.com/elmodocs2/security/ASA-2008-282.htmhttp://www.vmware.com/security/advisories/VMSA-2008-0017.htmlhttp://www.debian.org/security/2008/dsa-1663http://www.redhat.com/support/errata/RHSA-2008-0529.htmlhttp://secunia.com/advisories/30615http://www.securitytracker.com/id?1020218http://secunia.com/advisories/30612http://secunia.com/advisories/32664http://securityreason.com/securityalert/3933http://secunia.com/advisories/33003http://www.ubuntu.com/usn/usn-685-1http://www.vupen.com/english/advisories/2009/1612http://secunia.com/advisories/35463http://marc.info/?l=bugtraq&m=127730470825399&w=2http://www.vupen.com/english/advisories/2008/2361http://www.vupen.com/english/advisories/2008/2971http://www.vupen.com/english/advisories/2008/1836/referenceshttp://www.vupen.com/english/advisories/2008/1800/referenceshttp://www.vupen.com/english/advisories/2008/1981/referenceshttp://www.vupen.com/english/advisories/2008/1797/referenceshttp://www.vupen.com/english/advisories/2008/1801/referenceshttp://www.vupen.com/english/advisories/2008/1788/referenceshttp://www.vupen.com/english/advisories/2008/1787/referenceshttps://www.exploit-db.com/exploits/5790https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820http://www.securityfocus.com/archive/1/497962/100/0/threadedhttp://www.securityfocus.com/archive/1/493218/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485945https://nvd.nist.govhttps://usn.ubuntu.com/685-1/https://www.exploit-db.com/exploits/5790/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3https://www.kb.cert.org/vuls/id/878044
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook