Thinking OPEN

Catos 12.4 and prior [Unknown Severity]

By Security Team • Jun 10th, 2008 • Category: Security Notifications

Affects:

  • Catos 12.4 and prior [Unknown Severity]

Description

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; and (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0960
Severity: Unknown Severity

National Vulnerabilities Database

NIST National Vulnerabilities Database

Related OLEX Packages: catos
Security Team

Security Team
We'll keep you safe. Trust us, that's our job. Even though, contrary to what our Avatar might imply, we're not all linebackers. In fact, some of us are quite petite. And others of us wear high heeled boots. Red. Wondering whether we also know what we're talking about? C'mon -have you read any of these security posts?
All posts by Security Team

Comments are closed.