• 공개일 : 2008-06-11
• 변경일 : 2011-03-07

• 위험도: 10.0
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 낮음
• 인증 : 없음
• 기밀성 영향 : 전체
• 무결성 영향 : 전체
• 가용성 영향 : 전체
• 출처 : http://nvd.nist.gov
• 공개일 : 2008-06-11

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

• CERT, TA08-162A
• CONFIRM, http://www.kb.cert.org/vuls/id/MIMG-7ETS87
• CONFIRM, http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z
• CONFIRM, http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q
• CERT-VN, VU#878044
• BID, 29623
• DEBIAN, DSA-1663
• FEDORA, FEDORA-2008-5218
• FEDORA, FEDORA-2008-5224
• FEDORA, FEDORA-2008-5215
• CONFIRM, https://bugzilla.redhat.com/show_bug.cgi?id=447974
• VUPEN, ADV-2009-1612
• VUPEN, ADV-2008-2971
• VUPEN, ADV-2008-2361
• VUPEN, ADV-2008-1981
• VUPEN, ADV-2008-1836
• VUPEN, ADV-2008-1801
• VUPEN, ADV-2008-1800
• VUPEN, ADV-2008-1797
• VUPEN, ADV-2008-1788
• VUPEN, ADV-2008-1787
• MISC, http://www.vmware.com/security/advisories/VMSA-2008-0017.html
• CONFIRM, http://www.vmware.com/security/advisories/VMSA-2008-0013.html
• UBUNTU, USN-685-1
• SECTRACK, 1020218
• BUGTRAQ, 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, l..
• BUGTRAQ, 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authenti..
• REDHAT, RHSA-2008:0529
• MLIST, [oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations ..
• MISC, http://www.ocert.org/advisories/ocert-2008-006.html
• MILW0RM, 5790
• MANDRIVA, MDVSA-2008:118
• CISCO, 20080610 SNMP Version 3 Authentication Vulnerabilities
• CONFIRM, http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm
• CONFIRM, http://support.apple.com/kb/HT2163
• SUNALERT, 238865
• CONFIRM, http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&grou..
• CONFIRM, http://sourceforge.net/forum/forum.php?forum_id=833770
• SREASON, 3933
• GENTOO, GLSA-200808-02
• SECUNIA, 35463
• SECUNIA, 33003
• SECUNIA, 32664
• SECUNIA, 31568
• SECUNIA, 31467
• SECUNIA, 31351
• SECUNIA, 31334
• SECUNIA, 30802
• SECUNIA, 30665
• SECUNIA, 30648
• SECUNIA, 30647
• SECUNIA, 30626
• SECUNIA, 30615
• SECUNIA, 30612
• SECUNIA, 30596
• SECUNIA, 30574
• REDHAT, RHSA-2008:0528
• HP, SSRT080082
• HP, SSRT080082
• SUSE, SUSE-SA:2008:039
• MLIST, [productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3..
• APPLE, APPLE-SA-2008-06-30

• ingate ingate_firewall 2.5.0
• cisco catos 7.3.1
• cisco cisco_ios 12.3
• ingate ingate_firewall 4.1.3
• cisco cisco_ios 12.2
• cisco ios_xr 2.0
• ingate ingate_firewall 2.2.2
• cisco mds_9140
• net-snmp net_snmp 5.0.6
• cisco ios_xr 3.0
• ingate ingate_siparator 4.2.2
• cisco cisco_ios 12.2
• ingate ingate_siparator 2.6.1
• cisco ace_xml_gateway 5.2
• ingate ingate_siparator 4.4.1
• cisco cisco_ios 12.2
• ingate ingate_siparator 4.2.1
• cisco catos 7.1.1
• ingate ingate_siparator 3.3.1
• ingate ingate_firewall 3.1.1
• juniper session_and_resource_control 1.0
• ingate ingate_siparator 4.2.3
• ecos_sourceware ecos 1.3.1
• ingate ingate_firewall 4.2.2
• cisco cisco_ios 12.4
• ingate ingate_siparator 4.1.3
• ingate ingate_siparator 4.3.1
• ingate ingate_siparator 4.5.2
• cisco cisco_ios 12.3
• cisco mds_9124
• cisco mds_9134
• cisco ios 11.1
• ingate ingate_siparator 4.3.4
• cisco ace_xml_gateway 6.0
• cisco cisco_ios 12.4
• cisco cisco_ios 12.3
• ingate ingate_firewall 2.3.0
• ingate ingate_firewall 2.4.0
• net-snmp net_snmp 5.0.4
• ingate ingate_firewall 4.2.3
• cisco ios 11.3
• ingate ingate_firewall 2.2.0
• cisco ios 10.0
• cisco ios_xr 3.6
• ingate ingate_siparator 3.2.1
• hp openview_snmp_emanate_master_agent 15.0
• sun solaris 10.0 x86
• cisco nx_os 4.0.1
• ingate ingate_siparator 4.1.0
• ingate ingate_siparator 3.2.2
• ingate ingate_firewall 4.4.1
• net-snmp net_snmp 5.2
• cisco ios 11.0
• cisco ios_xr 3.7
• net-snmp net_snmp 5.0.5
• net-snmp net_snmp 5.3.0.1
• cisco ios_xr 3.5
• ingate ingate_siparator 2.3.0
• cisco cisco_ios 12.4
• ingate ingate_firewall 3.2.0
• ingate ingate_firewall 2.6.0
• ecos_sourceware ecos 2.0
• net-snmp net_snmp 5.0.9
• cisco cisco_ios 12.4
• cisco cisco_ios 12.3
• ecos_sourceware ecos 1.1
• cisco cisco_ios 12.2
• sun solaris 10.0
• cisco ace_4710
• cisco ace_20_6509_bundle_with_8gbps_throughput
• ingate ingate_siparator 4.6.0
• net-snmp net_snmp 5.0.1
• ingate ingate_firewall 4.1.0
• cisco ace_10_6504_bundle_with_4_gbps_throughput
• ingate ingate_firewall 4.5.2
• juniper src_pe 1.0
• ingate ingate_siparator 2.2.1
• ingate ingate_siparator 4.5.1
• cisco catos 7.4.1
• cisco cisco_ios 12.3
• net-snmp net_snmp 5.0.8
• ingate ingate_siparator 2.4.1
• cisco cisco_ios 12.2
• cisco ios_xr 3.4
• ingate ingate_firewall 4.4.2
• ingate ingate_firewall 3.1.0
• cisco cisco_ios 12.1
• cisco cisco_ios 12.2
• ingate ingate_siparator 3.1.3
• cisco cisco_ios 12.4
• cisco cisco_ios 12.3
• cisco nx_os 4.0.2
• ingate ingate_siparator 2.2.2
• ingate ingate_firewall 3.0.2
• cisco cisco_ios 12.4
• cisco cisco_ios 12.2
• net-snmp net_snmp 5.1.1
• ingate ingate_siparator 3.0.2
• cisco ios_xr 3.2
• cisco catos 8.3
• cisco ios 12.2
• net-snmp net_snmp 5.3
• cisco cisco_ios 12.4
• cisco ace_10_6509_bundle_with_8_gbps_throughput
• ingate ingate_firewall 3.1.4
• cisco cisco_ios 12.3
• cisco cisco_ios 12.3
• cisco cisco_ios 12.2
• ingate ingate_siparator 2.4.0
• ecos_sourceware ecos 2.0
• ingate ingate_siparator 3.2.0
• ingate ingate_siparator 2.6.0
• cisco ace_10_service_module
• cisco cisco_ios 12.0
• cisco cisco_ios 12.3
• ingate ingate_firewall 4.6.1
• cisco cisco_ios 12.3
• cisco cisco_ios 12.2
• ingate ingate_siparator 3.1.4
• cisco ios_xr 3.3
• juniper session_and_resource_control 2.0
• ingate ingate_firewall 2.6.1
• ingate ingate_siparator 4.4.2
• ingate ingate_siparator 2.5.0
• net-snmp net_snmp 5.1
• ingate ingate_siparator 3.1.1
• cisco cisco_ios 12.3
• ingate ingate_siparator 4.6.2
• ingate ingate_siparator 3.1.0
• ingate ingate_firewall 2.4.1
• cisco cisco_ios 12.3
• cisco ace_20_service_module
• cisco cisco_ios 12.3
• ingate ingate_firewall 4.2.1
• cisco ace_20_6504_bundle_with__4gbps_throughput
• net-snmp net_snmp 5.1.2
• cisco cisco_ios 12.3
• net-snmp net_snmp 5.0.7
• ingate ingate_siparator 4.6.1
• ingate ingate_firewall 3.3.1
• net-snmp net_snmp 5.4
• net-snmp net_snmp 5.0
• cisco cisco_ios 12.0
• net-snmp net_snmp 5.0.2
• cisco cisco_ios 12.2
• cisco cisco_ios 12.2
• ecos_sourceware ecos 1.2.1
• cisco cisco_ios 12.2
• juniper src_pe 2.0
• ingate ingate_firewall 3.1.3
• cisco cisco_ios 12.3
• ingate ingate_firewall 4.5.1
• cisco cisco_ios 12.3
• cisco mds_9120
• ingate ingate_firewall 2.2.1
• ingate ingate_firewall 4.3.1
• cisco cisco_ios 12.3
• cisco cisco_ios 12.2
• ingate ingate_firewall 4.6.0
• ingate ingate_firewall 4.6.2
• ingate ingate_siparator 2.2.0
• ingate ingate_firewall 3.2.2
• cisco cisco_ios 12.4
• ingate ingate_firewall 3.2.1
• cisco nx_os 4.0
• net-snmp net_snmp 5.0.3