Vulnerabilites related to cisco - ace_10_6509_bundle_with_8_gbps_throughput
Vulnerability from fkie_nvd
Published
2008-06-10 18:32
Modified
2025-04-09 00:30
Severity ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:catos:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5CAC7FBF-2493-42CA-9B23-20AF09F0DDA8", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:catos:7.3.1:*:*:*:*:*:*:*", matchCriteriaId: "DE64E4C4-BACE-404F-966D-415976781DC4", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:catos:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "377F951F-C2D8-441D-A532-F62E23937F94", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:catos:8.3:*:*:*:*:*:*:*", matchCriteriaId: "34A3A284-36A9-4E8C-815D-6E2FE4C158DF", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.0:s:*:*:*:*:*:*", matchCriteriaId: "A5823F33-7FB3-465B-8017-1866D9EF3AA6", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.0:sy:*:*:*:*:*:*", matchCriteriaId: "94870E9E-C883-4051-8854-CDE0AE7A64B6", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.1:e:*:*:*:*:*:*", matchCriteriaId: "85C2FF9C-7730-4DBF-8C86-1EF0F1E71D8C", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:ewa:*:*:*:*:*:*", matchCriteriaId: "4A4AFC06-85C5-4AD0-A409-27F9AF398D7D", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:jk:*:*:*:*:*:*", matchCriteriaId: "EB593071-BB5A-47AD-B9C6-59D2010F6280", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sb:*:*:*:*:*:*", matchCriteriaId: "74382B2D-E9A6-453D-9C07-F959EAB4C075", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sg:*:*:*:*:*:*", matchCriteriaId: "B3D93383-BD5A-4052-B724-055F6FCFC314", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sga:*:*:*:*:*:*", matchCriteriaId: "6B1E3C39-163D-4A99-AC96-2EE388305000", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sra:*:*:*:*:*:*", matchCriteriaId: "90710000-F963-4F36-9EE1-C3CE1CECDCA2", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:srb:*:*:*:*:*:*", matchCriteriaId: "5F4F8B9E-B2AB-4545-8ACF-8F03E636E842", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:src:*:*:*:*:*:*", matchCriteriaId: "6E2D6402-D2AF-4817-8A46-1FA9B17B720C", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sxb:*:*:*:*:*:*", matchCriteriaId: "79BB5494-735D-424B-8B41-2FAECE1A7AD4", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sxd:*:*:*:*:*:*", matchCriteriaId: "FD6178BC-9741-4FC1-87DA-A5407B3A4F40", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sxf:*:*:*:*:*:*", matchCriteriaId: "2A419BD7-6345-43D8-B69C-2255E2EF6FD7", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:zl:*:*:*:*:*:*", matchCriteriaId: "B472DEEE-148A-46B4-BCBC-0A9F62F38B31", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:zy:*:*:*:*:*:*", matchCriteriaId: "23305EBA-11D5-417E-823E-39D0D052839D", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:*:*:*:*:*:*:*", matchCriteriaId: "8A8D0F64-5DE1-4A6F-91F0-8A8509BF077F", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:b:*:*:*:*:*:*", matchCriteriaId: "95418AD2-FB85-4E20-B874-D82DDF88BC91", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:ja:*:*:*:*:*:*", matchCriteriaId: "14D1B81D-95E4-4945-94F2-C36FD7C0DC55", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jeb:*:*:*:*:*:*", matchCriteriaId: "452FF154-F6C0-4BC4-969E-1D49AA3CCE49", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jk:*:*:*:*:*:*", matchCriteriaId: "3AB6C57C-8805-443F-8ACE-83DAA48878CA", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jl:*:*:*:*:*:*", matchCriteriaId: "554C9611-55F1-40AF-9862-7E902D5CE1D1", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jx:*:*:*:*:*:*", matchCriteriaId: "F89C185A-D3B3-4F5F-9249-F8EE89E8DD04", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:t:*:*:*:*:*:*", matchCriteriaId: "EEB0B55E-3579-4929-862F-C5FF9F796AE1", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xa:*:*:*:*:*:*", matchCriteriaId: "8E8E34D3-0BCB-4D19-A41C-0375941E1B21", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xg:*:*:*:*:*:*", matchCriteriaId: "09CBD68E-2A5C-43DF-9AD6-DE07815821B3", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xi:*:*:*:*:*:*", matchCriteriaId: "01393D91-ED1D-460D-8621-10260F0CBDD0", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xk:*:*:*:*:*:*", matchCriteriaId: "8AB2FF53-5991-4264-B5CC-D1E45460BFCE", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xr:*:*:*:*:*:*", matchCriteriaId: "1A1FAF42-B7B1-40B0-A0F7-5DF821E6193F", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yf:*:*:*:*:*:*", matchCriteriaId: "1BE94EA2-E0CC-4760-94A8-DE56C8181F74", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yi:*:*:*:*:*:*", matchCriteriaId: "929836AD-8128-4174-872D-B9638B54611C", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yt:*:*:*:*:*:*", matchCriteriaId: "5ED5B53D-930D-477E-A0F6-76167AE67641", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yx:*:*:*:*:*:*", matchCriteriaId: "84983F6A-64F6-4720-9291-FC84CA10EE25", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:*:*:*:*:*:*:*", matchCriteriaId: "E6A60117-E4D1-4741-98A2-E643A26616A7", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:t:*:*:*:*:*:*", matchCriteriaId: "156B91B9-1F5B-4E83-A2B7-A5B7F272D5B1", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xa:*:*:*:*:*:*", matchCriteriaId: "C9E90E83-1732-4BEF-BC5B-401769DC8880", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xc:*:*:*:*:*:*", matchCriteriaId: "51679B26-DF28-4E41-9801-E1599F250FFD", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xd:*:*:*:*:*:*", matchCriteriaId: "E989900F-BE66-47E4-9A1B-11B9785F89BB", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xe:*:*:*:*:*:*", matchCriteriaId: "95A01B7E-8231-4001-A340-31CE66474FDA", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xj:*:*:*:*:*:*", matchCriteriaId: "3CC62D3B-A287-4DED-A44D-3351452D4A55", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xw:*:*:*:*:*:*", matchCriteriaId: "687E91FF-957E-449F-BDD6-85AA59E1E0D5", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios:10.0:*:*:*:*:*:*:*", matchCriteriaId: "79528F96-FD42-4A76-82EE-4B1324D53B5F", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios:11.0:*:*:*:*:*:*:*", matchCriteriaId: "D626B494-6210-4F74-8D17-BA480B6665C3", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*", matchCriteriaId: "82B6315D-7BEF-419F-9B93-3CF669E986D1", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*", matchCriteriaId: "33CCFFC6-9D26-4C39-AF76-0B8FCDE743CF", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:2.0:*:*:*:*:*:*:*", matchCriteriaId: "9FB31FAC-D720-4BF1-BFCC-0A9B714E292A", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:3.0:*:*:*:*:*:*:*", matchCriteriaId: "904CA41E-8168-41DE-AE84-941962A7BB71", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:3.2:*:*:*:*:*:*:*", matchCriteriaId: "8D69F8FA-D58A-4F53-86D8-A20C73E9B299", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:3.3:*:*:*:*:*:*:*", matchCriteriaId: "AD331C50-DB93-4001-B56A-C1012F894CDF", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*", matchCriteriaId: "75538529-611A-43B5-AC4D-089C4E2E2ACC", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*", matchCriteriaId: "F992D03D-1DB8-44C1-B59D-1C09A32A2C91", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:3.6:*:*:*:*:*:*:*", matchCriteriaId: "7A8BC298-4AF9-4281-9AD9-0D8F621E46B0", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:ios_xr:3.7:*:*:*:*:*:*:*", matchCriteriaId: "F2FE436B-2117-4FB4-B550-8454848D1D58", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:nx_os:4.0:*:*:*:*:*:*:*", matchCriteriaId: "69D2BD63-C110-4E89-B239-4A59E20AB78E", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:nx_os:4.0.1:a:*:*:*:*:*:*", matchCriteriaId: "43E5FFB6-861D-4F91-B3C9-C5E57DDD25C3", vulnerable: false, }, { criteria: "cpe:2.3:o:cisco:nx_os:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "1BD3BD3D-767D-483D-9FFE-D23AA2E228E6", vulnerable: false, }, { criteria: "cpe:2.3:o:ecos_sourceware:ecos:1.1:*:*:*:*:*:*:*", matchCriteriaId: "6762126F-55E4-4963-99F5-206A46979E7C", vulnerable: false, }, { criteria: "cpe:2.3:o:ecos_sourceware:ecos:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "1945B97A-8276-4EE2-8F76-5F0C0956DF18", vulnerable: false, }, { criteria: "cpe:2.3:o:ecos_sourceware:ecos:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7C8CA81F-2AB6-45F8-8AAE-BF6A7EDA73D5", vulnerable: false, }, { criteria: "cpe:2.3:o:ecos_sourceware:ecos:2.0:*:*:*:*:*:*:*", matchCriteriaId: "F2452913-0513-46BB-A52E-8FA12D77B570", vulnerable: false, }, { criteria: "cpe:2.3:o:ecos_sourceware:ecos:2.0:b1:*:*:*:*:*:*", matchCriteriaId: "5D967624-23B1-48BB-91DB-1E1C18AAAD85", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0:*:*:*:*:*:*:*", matchCriteriaId: "18CCF3B9-CA7D-4D37-BD2C-1B74586B98A7", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5A0AB8C2-EE95-48AA-98B7-B6ED40494A0A", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "77930529-89BE-463D-8259-3D67D153284A", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "743DEB17-3BE3-4278-A54B-2CE547DB9F31", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0DCAF8C2-0E4E-4474-BD1E-F28A6EAEF8F8", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "D2BCA127-F5F3-418F-890D-6B1C03019590", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA5A2C2F-ABF4-46B0-80AB-867B97AE5237", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "BE83150C-456E-462A-A0F1-ED8EAD60D671", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "BF5B2431-335C-461B-B07F-88267EA71DCD", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "9DBA8E67-021A-4D07-94B9-943A8E1C4468", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:*", matchCriteriaId: "905D1F04-CDFD-4BAD-8939-5ABC70A874E6", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "00878E69-2721-43E3-A853-D3DCFE5C258D", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "C51799BB-D931-436C-8C94-558956AC880A", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.2:*:*:*:*:*:*:*", matchCriteriaId: "A1ACC549-B5AF-4F5C-A3FE-257AA6D80C7A", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.3:*:*:*:*:*:*:*", matchCriteriaId: "D498D406-A453-4119-BBA1-4709CF5862AE", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D68555E-BEB9-4F1E-8D6D-C313FB501523", vulnerable: false, }, { criteria: "cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:*", matchCriteriaId: "7B44A0D4-3020-414B-81D7-679E8441E182", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:10.0:unkown:x86:*:*:*:*:*", matchCriteriaId: "B76A8BD4-E53F-49A6-946B-6E672DD0419C", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*", matchCriteriaId: "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ace_10_6504_bundle_with_4_gbps_throughput:*:*:*:*:*:*:*:*", matchCriteriaId: "E1C6B46B-13E2-4DA4-9EF2-007893034269", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_10_6509_bundle_with_8_gbps_throughput:*:*:*:*:*:*:*:*", matchCriteriaId: "F1C501EB-CF9F-437D-A7C0-2A12F1D5E171", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_10_service_module:*:*:*:*:*:*:*:*", matchCriteriaId: "538FE81A-2FD9-4A7C-AEC7-8FCE98DADBE0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_20_6504_bundle_with__4gbps_throughput:*:*:*:*:*:*:*:*", matchCriteriaId: "15D3471D-6267-4481-8BBD-BFC106E8F30B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_20_6509_bundle_with_8gbps_throughput:*:*:*:*:*:*:*:*", matchCriteriaId: "13FB3C8A-87D3-4601-BD97-2B9F9FA8CA47", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_20_service_module:*:*:*:*:*:*:*:*", matchCriteriaId: "F0292228-80D8-4BA4-8662-698D7003D7D0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*", matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_xml_gateway:5.2:*:*:*:*:*:*:*", matchCriteriaId: "522C9080-86A6-40A8-905C-73187DAF83F7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ace_xml_gateway:6.0:*:*:*:*:*:*:*", matchCriteriaId: "1C1B7A18-F230-44D4-801E-8284085CA1DF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:mds_9120:*:*:*:*:*:*:*:*", matchCriteriaId: "8E62CC4C-89A7-4594-BDD8-394211889220", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:mds_9124:*:*:*:*:*:*:*:*", matchCriteriaId: "E152F995-BCD2-4725-A47C-1A5E7D6B9005", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:mds_9134:*:*:*:*:*:*:*:*", matchCriteriaId: "51E38404-ED69-4B0E-A035-2AF5E0649CC1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:mds_9140:*:*:*:*:*:*:*:*", matchCriteriaId: "A90F0A06-A634-4BD0-A477-90BD3384B7D0", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "346E0D1B-CF9E-48BC-AE7A-F8CEF09F6741", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0123D2ED-3983-45D3-B54A-3E75FCE99C6D", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "66CA6C29-1DF1-46E3-BDCA-9ED72D3E6731", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E50E974E-87F5-45A2-88BA-B1E4913E3DAD", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D4AB25CC-BB96-4675-98D7-C5FF30C24014", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9C7C95AD-3D5F-458B-A761-5D7779FEA327", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E9E4A3F6-5D89-47D0-84AD-601682399D8B", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "C700A36D-5FB4-475D-BE85-74511830870A", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "02060365-1D67-4611-8D79-B9FC354EBF99", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "194BD880-F672-4492-8356-B14C8DA8C2DB", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B1D769FC-3081-48F8-BBF1-3964F3F8B569", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A966DB26-8A52-4F4D-9C0E-8A8719A195AE", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "E6675DF0-963A-4091-9786-7CE3337EE47E", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "77A94931-8584-4021-A5BB-83FF22D54955", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "F06FB120-9BB3-4363-B2A2-A3475993FDFD", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8229DE3A-B9CB-44FF-8409-51E09DDED479", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1AAD7A89-294A-45DA-B5F5-C69F7FCC4A5E", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "2699E7A6-7B3A-4C4C-9472-B8B6B547624D", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D913348F-351C-4D78-A0AA-27B355D52235", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.1.3:*:*:*:*:*:*:*", matchCriteriaId: "C3E88A46-CEC7-46D5-9697-232E18531FD5", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "5F16B8D0-81F5-4ECE-8276-EC30DDCCE1A7", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.2.2:*:*:*:*:*:*:*", matchCriteriaId: "0ECFBAFE-9267-469A-A97F-F716969B247C", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.2.3:*:*:*:*:*:*:*", matchCriteriaId: "48F839C7-7B33-4BF6-9ACF-76F32F5D7C72", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1559E6-E7B6-4B5B-8841-CF502E05BA46", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F041246F-5B7F-4F63-9E81-02465C9062C2", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "ADB78013-DEE9-438E-ABD1-5E3D932177BB", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.5.1:*:*:*:*:*:*:*", matchCriteriaId: "D77447C3-AA72-4CAB-A0B1-0883D41AD064", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "473038C0-1644-4FF2-A1DA-BCB8A7CD1CA2", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "C9C3F04F-7581-4DCA-970D-9FCBB56EA724", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "7ABF04A7-8230-4AB9-8D66-DF1463037823", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_firewall:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "EC205E36-7027-4A9B-8574-9BB9C68007A5", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "69C55DD7-986A-4AB6-8F61-5A5D26531011", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "84DDD7E4-D5D7-4341-9482-2B918306578D", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "14A3C59C-6A3D-477B-B425-1C085D6951E3", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "31AA57F4-5023-4333-9F19-C9D362E8E495", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "063034FF-0AB8-4D78-9822-0DCA9657C853", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "67477EC7-363E-45B5-BA53-1A4E9FB20CDE", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "78E11F95-E635-465C-BD7F-5F7E9192DEAC", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "74F145F0-573E-4CBC-AB69-3B77D6F9A540", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "49DA7D86-8845-43CA-80DC-3D794322CB28", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "ABD34FEB-7956-44AE-A510-2E5F9EF61651", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9DEF5098-3791-4CEB-A436-2809A4385D27", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5D895880-FB98-4472-A164-458CE086F339", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "D7912AA3-0469-479E-9C5A-53F20E504956", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8677C6C8-39CA-492A-A196-9DFAF892120C", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "51FA6F2A-8444-4BB2-B7F2-B97AEFFF9E27", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "60E46CAD-0032-4CD6-AA2A-871E1DFC3A35", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "22CE55DE-00CA-4F87-9CA0-80A360E332FA", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "63DC81FA-A6B4-41DC-8097-8944D06A2451", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CB87853E-CAFF-48D8-9C56-A2DE325235D5", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.1.3:*:*:*:*:*:*:*", matchCriteriaId: "61E35451-BEE3-412A-8706-5522C00BE1DD", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "E599E0CE-CCB7-4A30-8AA9-45BBC11AFEC2", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.2.2:*:*:*:*:*:*:*", matchCriteriaId: "F45326B3-CC4E-4C3A-9819-28936A0432F4", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.2.3:*:*:*:*:*:*:*", matchCriteriaId: "CDBF1A78-7190-4326-84BD-C18CC354DA38", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "D97FFBA0-2E80-40EF-A4AC-F26D3490371E", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.3.4:*:*:*:*:*:*:*", matchCriteriaId: "5A442F5B-5A1A-4CD0-B693-851FFB917E5D", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "074BCB70-AD66-4141-9DD3-9DE73BDCB0F3", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "646BF70F-CB7B-48E3-8563-E089E1CECD11", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.5.1:*:*:*:*:*:*:*", matchCriteriaId: "1CD34A7B-508C-45F2-8725-FE42398D3652", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "D2785732-A5C7-434E-B45D-13138B574F45", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "989A4E8A-F23D-4BF5-B860-FB7B04A1CE56", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "A07E1241-24BE-48D3-B737-56B2AAA3AF64", vulnerable: false, }, { criteria: "cpe:2.3:h:ingate:ingate_siparator:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "EFB751FD-CCCA-4131-A24F-65DEF1128B26", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:juniper:session_and_resource_control:1.0:*:*:*:*:*:*:*", matchCriteriaId: "D106F4E4-4B41-4002-8C34-6A9C3A0FF640", vulnerable: true, }, { criteria: "cpe:2.3:a:juniper:session_and_resource_control:2.0:*:*:*:*:*:*:*", matchCriteriaId: "863583DC-DD93-46DC-BA06-0B838CDB2565", vulnerable: true, }, { criteria: "cpe:2.3:a:juniper:src_pe:1.0:*:*:*:*:*:*:*", matchCriteriaId: "0D50E1B4-A64E-45D5-8A44-947DE7B8AAD4", vulnerable: true, }, { criteria: "cpe:2.3:a:juniper:src_pe:2.0:*:*:*:*:*:*:*", matchCriteriaId: "ED5F1A8F-5ED9-4ED0-A336-A0E4A439E6F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.", }, { lang: "es", value: "Una comprobación SNMPv3 HMAC en (1) Net-SNMP versión 5.2.x anterior a 5.2.4.1, versión 5.3.x anterior a 5.3.2.1 y versión 5.4.x anterior a 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series versión 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (también se conoce como Network Appliance) ONTAP versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versión anterior a 16.2; (7) múltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall versión 3.1.0 y posterior y SIParator versión 3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent versión 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticación SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte.", }, ], id: "CVE-2008-0960", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-06-10T18:32:00.000", references: [ { source: "cret@cert.org", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "cret@cert.org", url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html", }, { source: "cret@cert.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html", }, { source: "cret@cert.org", url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { source: "cret@cert.org", url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { source: "cret@cert.org", url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30574", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30596", }, { source: "cret@cert.org", url: "http://secunia.com/advisories/30612", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30615", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30626", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30647", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30648", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30665", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31334", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31351", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31467", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31568", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32664", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33003", }, { source: "cret@cert.org", url: "http://secunia.com/advisories/35463", }, { source: "cret@cert.org", url: "http://security.gentoo.org/glsa/glsa-200808-02.xml", }, { source: "cret@cert.org", url: "http://securityreason.com/securityalert/3933", }, { source: "cret@cert.org", url: "http://sourceforge.net/forum/forum.php?forum_id=833770", }, { source: "cret@cert.org", url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380", }, { source: "cret@cert.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1", }, { source: "cret@cert.org", url: "http://support.apple.com/kb/HT2163", }, { source: "cret@cert.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml", }, { source: "cret@cert.org", tags: [ "Patch", ], url: "http://www.debian.org/security/2008/dsa-1663", }, { source: "cret@cert.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/878044", }, { source: "cret@cert.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q", }, { source: "cret@cert.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z", }, { source: "cret@cert.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87", }, { source: "cret@cert.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118", }, { source: "cret@cert.org", url: "http://www.ocert.org/advisories/ocert-2008-006.html", }, { source: "cret@cert.org", url: "http://www.openwall.com/lists/oss-security/2008/06/09/1", }, { source: "cret@cert.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded", }, { source: "cret@cert.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/29623", }, { source: "cret@cert.org", url: "http://www.securitytracker.com/id?1020218", }, { source: "cret@cert.org", url: "http://www.ubuntu.com/usn/usn-685-1", }, { source: "cret@cert.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html", }, { source: "cret@cert.org", url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { source: "cret@cert.org", url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/1787/references", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/1788/references", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/1797/references", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/1800/references", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/1801/references", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/1836/references", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/2361", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2008/2971", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2009/1612", }, { source: "cret@cert.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974", }, { source: "cret@cert.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820", }, { source: "cret@cert.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785", }, { source: "cret@cert.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414", }, { source: "cret@cert.org", url: "https://www.exploit-db.com/exploits/5790", }, { source: "cret@cert.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html", }, { source: "cret@cert.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html", }, { source: "cret@cert.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30665", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31568", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32664", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200808-02.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/forum/forum.php?forum_id=833770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT2163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.debian.org/security/2008/dsa-1663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/878044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ocert.org/advisories/ocert-2008-006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/06/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/29623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-685-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1787/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1788/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1797/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1800/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1801/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1836/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2971", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/1612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/5790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2008-0960 (GCVE-0-2008-0960)
Vulnerability from cvelistv5
Published
2008-06-10 18:00
Modified
2024-08-07 08:01
Severity ?
EPSS score ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:01:40.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380", }, { name: "35463", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35463", }, { name: "30615", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30615", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT2163", }, { name: "ADV-2008-1787", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1787/references", }, { name: "30648", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30648", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q", }, { name: "32664", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32664", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1801", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1801/references", }, { name: "SUSE-SA:2008:039", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html", }, { name: "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html", }, { name: "31351", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31351", }, { name: "ADV-2008-1788", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1788/references", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", }, { name: "FEDORA-2008-5215", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html", }, { name: "29623", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29623", }, { name: "31334", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31334", }, { name: "ADV-2008-2971", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2971", }, { name: "oval:org.mitre.oval:def:10820", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820", }, { name: "oval:org.mitre.oval:def:6414", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414", }, { name: "30626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30626", }, { name: "SSRT080082", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", }, { name: "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/06/09/1", }, { name: "HPSBMA02439", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { name: "VU#878044", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/878044", }, { name: "30647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30647", }, { name: "238865", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1", }, { name: "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded", }, { name: "ADV-2008-1836", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1836/references", }, { name: "33003", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33003", }, { name: "20080610 SNMP Version 3 Authentication Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml", }, { name: "ADV-2008-2361", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "31568", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31568", }, { name: "31467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31467", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "DSA-1663", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1663", }, { name: "TA08-162A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ocert.org/advisories/ocert-2008-006.html", }, { name: "RHSA-2008:0528", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html", }, { name: "3933", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3933", }, { name: "RHSA-2008:0529", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html", }, { name: "30612", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30612", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30802", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z", }, { name: "5790", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/5790", }, { name: "ADV-2008-1797", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1797/references", }, { name: "GLSA-200808-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200808-02.xml", }, { name: "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded", }, { name: "30665", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30665", }, { name: "FEDORA-2008-5218", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html", }, { name: "FEDORA-2008-5224", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html", }, { name: "ADV-2008-1800", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1800/references", }, { name: "MDVSA-2008:118", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118", }, { name: "USN-685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-685-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/forum/forum.php?forum_id=833770", }, { name: "1020218", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020218", }, { name: "30596", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30596", }, { name: "oval:org.mitre.oval:def:5785", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785", }, { name: "ADV-2009-1612", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1612", }, { name: "30574", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30574", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-09T00:00:00", descriptions: [ { lang: "en", value: "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380", }, { name: "35463", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35463", }, { name: "30615", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30615", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT2163", }, { name: "ADV-2008-1787", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1787/references", }, { name: "30648", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30648", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q", }, { name: "32664", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32664", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1801", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1801/references", }, { name: "SUSE-SA:2008:039", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html", }, { name: "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html", }, { name: "31351", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31351", }, { name: "ADV-2008-1788", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1788/references", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", }, { name: "FEDORA-2008-5215", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html", }, { name: "29623", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29623", }, { name: "31334", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31334", }, { name: "ADV-2008-2971", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2971", }, { name: "oval:org.mitre.oval:def:10820", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820", }, { name: "oval:org.mitre.oval:def:6414", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414", }, { name: "30626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30626", }, { name: "SSRT080082", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", }, { name: "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/06/09/1", }, { name: "HPSBMA02439", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { name: "VU#878044", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/878044", }, { name: "30647", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30647", }, { name: "238865", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1", }, { name: "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded", }, { name: "ADV-2008-1836", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1836/references", }, { name: "33003", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33003", }, { name: "20080610 SNMP Version 3 Authentication Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml", }, { name: "ADV-2008-2361", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "31568", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31568", }, { name: "31467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31467", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "DSA-1663", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1663", }, { name: "TA08-162A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ocert.org/advisories/ocert-2008-006.html", }, { name: "RHSA-2008:0528", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html", }, { name: "3933", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3933", }, { name: "RHSA-2008:0529", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html", }, { name: "30612", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30612", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30802", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z", }, { name: "5790", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/5790", }, { name: "ADV-2008-1797", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1797/references", }, { name: "GLSA-200808-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200808-02.xml", }, { name: "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded", }, { name: "30665", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30665", }, { name: "FEDORA-2008-5218", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html", }, { name: "FEDORA-2008-5224", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html", }, { name: "ADV-2008-1800", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1800/references", }, { name: "MDVSA-2008:118", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118", }, { name: "USN-685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-685-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/forum/forum.php?forum_id=833770", }, { name: "1020218", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020218", }, { name: "30596", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30596", }, { name: "oval:org.mitre.oval:def:5785", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785", }, { name: "ADV-2009-1612", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1612", }, { name: "30574", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30574", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2008-0960", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380", refsource: "CONFIRM", url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380", }, { name: "35463", refsource: "SECUNIA", url: "http://secunia.com/advisories/35463", }, { name: "30615", refsource: "SECUNIA", url: "http://secunia.com/advisories/30615", }, { name: "http://support.apple.com/kb/HT2163", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT2163", }, { name: "ADV-2008-1787", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1787/references", }, { name: "30648", refsource: "SECUNIA", url: "http://secunia.com/advisories/30648", }, { name: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q", refsource: "CONFIRM", url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q", }, { name: "32664", refsource: "SECUNIA", url: "http://secunia.com/advisories/32664", }, { name: "ADV-2008-1981", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1801", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1801/references", }, { name: "SUSE-SA:2008:039", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html", }, { name: "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability", refsource: "MLIST", url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html", }, { name: "31351", refsource: "SECUNIA", url: "http://secunia.com/advisories/31351", }, { name: "ADV-2008-1788", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1788/references", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", }, { name: "FEDORA-2008-5215", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html", }, { name: "29623", refsource: "BID", url: "http://www.securityfocus.com/bid/29623", }, { name: "31334", refsource: "SECUNIA", url: "http://secunia.com/advisories/31334", }, { name: "ADV-2008-2971", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2971", }, { name: "oval:org.mitre.oval:def:10820", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820", }, { name: "oval:org.mitre.oval:def:6414", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414", }, { name: "30626", refsource: "SECUNIA", url: "http://secunia.com/advisories/30626", }, { name: "SSRT080082", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { name: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", refsource: "MISC", url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", }, { name: "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/06/09/1", }, { name: "HPSBMA02439", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2", }, { name: "VU#878044", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/878044", }, { name: "30647", refsource: "SECUNIA", url: "http://secunia.com/advisories/30647", }, { name: "238865", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1", }, { name: "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded", }, { name: "ADV-2008-1836", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1836/references", }, { name: "33003", refsource: "SECUNIA", url: "http://secunia.com/advisories/33003", }, { name: "20080610 SNMP Version 3 Authentication Vulnerabilities", refsource: "CISCO", url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml", }, { name: "ADV-2008-2361", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "31568", refsource: "SECUNIA", url: "http://secunia.com/advisories/31568", }, { name: "31467", refsource: "SECUNIA", url: "http://secunia.com/advisories/31467", }, { name: "APPLE-SA-2008-06-30", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "DSA-1663", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1663", }, { name: "TA08-162A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html", }, { name: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87", refsource: "CONFIRM", url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87", }, { name: "http://www.ocert.org/advisories/ocert-2008-006.html", refsource: "MISC", url: "http://www.ocert.org/advisories/ocert-2008-006.html", }, { name: "RHSA-2008:0528", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html", }, { name: "3933", refsource: "SREASON", url: "http://securityreason.com/securityalert/3933", }, { name: "RHSA-2008:0529", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html", }, { name: "30612", refsource: "SECUNIA", url: "http://secunia.com/advisories/30612", }, { name: "30802", refsource: "SECUNIA", url: "http://secunia.com/advisories/30802", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=447974", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974", }, { name: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { name: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z", refsource: "CONFIRM", url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z", }, { name: "5790", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/5790", }, { name: "ADV-2008-1797", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1797/references", }, { name: "GLSA-200808-02", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200808-02.xml", }, { name: "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded", }, { name: "30665", refsource: "SECUNIA", url: "http://secunia.com/advisories/30665", }, { name: "FEDORA-2008-5218", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html", }, { name: "FEDORA-2008-5224", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html", }, { name: "ADV-2008-1800", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1800/references", }, { name: "MDVSA-2008:118", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118", }, { name: "USN-685-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-685-1", }, { name: "http://sourceforge.net/forum/forum.php?forum_id=833770", refsource: "CONFIRM", url: "http://sourceforge.net/forum/forum.php?forum_id=833770", }, { name: "1020218", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020218", }, { name: "30596", refsource: "SECUNIA", url: "http://secunia.com/advisories/30596", }, { name: "oval:org.mitre.oval:def:5785", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785", }, { name: "ADV-2009-1612", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1612", }, { name: "30574", refsource: "SECUNIA", url: "http://secunia.com/advisories/30574", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2008-0960", datePublished: "2008-06-10T18:00:00", dateReserved: "2008-02-25T00:00:00", dateUpdated: "2024-08-07T08:01:40.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }