CERT-In Advisory CIAD-2008-30
SNMPv3 improper HMAC validation vulnerability

Original issue date: June 12, 2008

Severity Rating: Medium

Systems Affected

•  Multiple implementations of SNMPv3

Overview

A vulnerability has been reported in the way SNMPv3 implementations handle specially crafted packets, which may allow an attacker to bypass authentication.

Description

The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. SNMPv3 supports a user-based security model that incorporates security features such as authentication, message integrity and encryption. Authentication for SNMPv3 is done using keyed-hash message authentication code (HMAC), which is calculated using a cryptographic hash function in combination with a secret key.

The vulnerability is caused by an error in the verification of the HMAC digest. Implementations of SNMPv3 may accept a shortened HMAC code in the authenticator field, so that authentication to an agent or a trap daemon can succeed with an HMAC as short as 1 byte. A carefully crafted SNMPv3 packet containing a shortened HMAC code in the authenticator field may therefore pass the authentication check. Successful exploitation of this vulnerability could result in the disclosure of sensitive information on a device or allow an attacker to make configuration changes to a vulnerable device.
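The flawed check described above, beside a corrected one, as an added example (not code from this advisory or from any vendor). It assumes HMAC-SHA-96 with its 12-octet tag as defined in RFC 3414; the function names, key and message bytes are constructed for illustration.

```python
import hashlib
import hmac

AUTH_TAG_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 tags are 12 octets (RFC 3414)

# Constructed sample values, not taken from any real device or capture.
KEY = b"constructed-localized-auth-key"
MSG = b"constructed SNMPv3 message bytes"


def compute_tag(auth_key: bytes, whole_msg: bytes) -> bytes:
    """HMAC-SHA1 over the message, truncated to the first 12 octets.

    Simplification: RFC 3414 computes this over the whole message with the
    authentication parameters field set to 12 zero octets.
    """
    return hmac.new(auth_key, whole_msg, hashlib.sha1).digest()[:AUTH_TAG_LEN]


def verify_flawed(auth_key: bytes, whole_msg: bytes, received_tag: bytes) -> bool:
    """Flawed pattern: the comparison length comes from the packet itself,
    so only as many octets as the sender supplied are ever checked."""
    expected = compute_tag(auth_key, whole_msg)
    return expected[:len(received_tag)] == received_tag


def verify_strict(auth_key: bytes, whole_msg: bytes, received_tag: bytes) -> bool:
    """Corrected pattern: reject any tag that is not exactly 12 octets,
    then compare the full tag in constant time."""
    if len(received_tag) != AUTH_TAG_LEN:
        return False
    expected = compute_tag(auth_key, whole_msg)
    return hmac.compare_digest(expected, received_tag)


if __name__ == "__main__":
    full = compute_tag(KEY, MSG)
    cases = {
        "full 12-octet tag": full,
        "tag shortened to 1 octet": full[:1],
        "12-octet tag, first octet altered": bytes([full[0] ^ 0xFF]) + full[1:],
    }
    for name, tag in cases.items():
        print(f"{name}: flawed={verify_flawed(KEY, MSG, tag)} "
              f"strict={verify_strict(KEY, MSG, tag)}")
```

With a 1-octet tag the flawed check has only 256 possible values to distinguish, which is why the length test has to come before any comparison.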


Workarounds

  • Encrypt the SNMPv3 traffic using a secret, private key.
  • Restrict access to SNMPv3 via access lists.
  • Use anti-spoofing IP address technologies like Unicast Reverse Path Forwarding (URPF) and IP source guard (IPSG).

Solution

Apply appropriate patches or fixes released by respective vendors.

References

US-CERT
http://www.kb.cert.org/vuls/id/878044
http://www.us-cert.gov/current/index.html#snmpv3_authentication_bypass_vulnerability

Secunia
http://secunia.com/advisories/30574/

SecurityFocus
http://www.securityfocus.com/bid/29623

oCERT
http://www.ocert.org/advisories/ocert-2008-006.html

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a00809adfc8.html

RedHat
http://rhn.redhat.com/errata/RHSA-2008-0528.html

Juniper Networks
https://www2.juniper.net/kb/viewka.jsp?txtKANumber=34284
(Support login required)

CVE-Name
CVE-2008-0960

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003