Lucene search
F5F5:K8939HistoryMar 19, 2013 - 12:00 a.m.
K8939 : SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2013-03-1900:00:00
my.f5.com
36
Security Advisory Description
Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.F5 products and versions that have been evaluated for this Security Advisory
| Product | Affected | Not Affected |
|---|---|---|
| BIG-IP LTM | 9.3.0 - 9.3.1 | |
| 9.4.0 - 9.4.5 | ||
| 9.6.0 - 9.6.1 | 9.3.1-HF3 and later | |
| 9.4.5-HF2 and later | ||
| 9.4.6 - 9.4.8 | ||
| 9.6.1-HF2 and later | ||
| 10.x | ||
| 11.x | ||
| BIG-IP GTM | 9.3.0 - 9.3.1 | |
| 9.4.0 - 9.4.5 | 9.3.1-HF3 and later | |
| 9.4.5-HF2 and later | ||
| 9.4.6 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP ASM | 9.3.0 - 9.3.1 | |
| 9.4.0 - 9.4.5 | 9.3.1-HF3 and later | |
| 9.4.5-HF2 and later | ||
| 9.4.6 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP Link Controller | 9.3.0 - 9.3.1 | |
| 9.4.0 - 9.4.5 | 9.3.1-HF3 and later | |
| 9.4.5-HF2 and later | ||
| 9.4.6 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP WebAccelerator | 9.4.0 - 9.4.5 | 9.4.5-HF2 and later |
| 9.4.6 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP PSM | 9.4.5 | 9.4.5-HF2 and later |
| 9.4.6 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP WAN Optimization | None | 10.x |
| 11.x | ||
| BIG-IP APM | None | 10.x |
| 11.x | ||
| BIG-IP Edge Gateway | None | 10.x |
| 11.x | ||
| BIG-IP Analytics | None | 11.x |
| BIG-IP AFM | None | 11.x |
| BIG-IP PEM | None | 11.x |
| FirePass | 5.5.0 - 5.5.2 | |
| 6.0.0 - 6.0.2 | 6.0.3 | |
| 6.1.x | ||
| 7.x | ||
| Enterprise Manager | 1.2.0 - 1.6.0 | 1.7.0 - 1.8.0 |
| 2.x | ||
| 3.x | ||
| ARX | None | 2.x |
| 3.x | ||
| 4.x | ||
| 5.x | ||
| 6.x | ||
| SNMPv3 HMAC verification relies on the client to specify the HMAC length. This flexibility allows remote attackers to bypass SNMP authentication by specifying a length value of 1, which only checks the first byte. | ||
| Information about this advisory is available at the following locations: | ||
| <https://vulners.com/cve/CVE-2008-0960> | ||
| <http://www.kb.cert.org/vuls/id/878044> | ||
| F5 Product Development tracked this issue as CR99838 for BIG-IP LTM, GTM, ASM, PSM, Link Controller, and WebAccelerator and it was fixed in BIG-IP 9.4.6 and 10.0.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, Link Controller, or WebAccelerator release notes. | ||
| This issue was also tracked as CR99838 for Enterprise Manager, and it was fixed in Enterprise Manager 1.7.0. For information about upgrading, refer to the Enterprise Manager release notes. | ||
| F5 Product Development tracked this issue as CR100973 for FirePass and it was fixed in FirePass 6.0.3. For information about upgrading, refer to the FirePass release notes. | ||
| This issue still exists in the FirePass 5.x branch. | ||
| Additionally, this issue was fixed in Hotfix-BIG-IP-9.3.1-HF3 issued for BIG-IP 9.3.1, Hotfix-BIG-IP-9.4.5-HF2 issued for BIG-IP 9.4.5, Hotfix-BIG-IP-9.6.1-HF2 issued for BIG-IP 9.6.1, and FirePass HF-100973 issued for FirePass 6.0.2. You may download these hotfixes or later versions of the hotfixes from the F5 Downloads site. | ||
| To view a list of the latest available hotfixes, refer to K9502: BIG-IP hotfix matrix. | ||
| For information about the F5 hotfix policy, refer to K4918: Overview of F5 critical issue hotfix policy. | ||
| For information about how to manage F5 product hotfixes, refer to K6845: Managing F5 product hotfixes. | ||
| Obtaining and installing patches | ||
| You can download patches from the F5 Downloads site for the following products and versions: | ||
| Product | Version | Hotfix |
| — | — | — |
| FirePass | 5.5.0 | hotfix-100973 |
| FirePass | 5.5.1 | hotfix-100973 |
| FirePass | 5.5.2 | hotfix-100973 |
| FirePass | 6.0.1 | hotfix-100973 |
| FirePass | 6.0.2 | hotfix-100973 |
| BIG-IP SAM | 8.0.0 | Secure Access Manager 8.0.0 HF1 |
| Workaround | ||
| You can work around this issue for FirePass by disabling the SNMP agent. To disable the SNMP agent, perform the following procedure: |
- Log on to the FirePass Administrative Console.
- Navigate to Device Management >Configuration.
- Click SNMP.
- If you are running FirePass 6.x, clear the Start SNMP agent check box.
If you are running FirePass 5.x, clear the Run SNMP agent on portcheck box.
5. Click Submit.
Related
f5
f5
SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2008-07-15 00:00:00
SOL9025 - FirePass SNMP DoS vulnerability
2008-07-31 00:00:00
K9025 : FirePass SNMP DoS vulnerability
2013-03-18 00:00:00
exploitpack
exploitpack
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2008-0960
2008-06-04 21:00:00
redhat
redhat
(RHSA-2008:0528) Moderate: ucd-snmp security update
2008-06-10 00:00:00
(RHSA-2008:0529) Moderate: net-snmp security update
2008-06-10 00:00:00
debiancve
debiancve
CVE-2008-0960
2008-06-10 18:32:00
nessus
nessus
HP-UX PHSS_39887 : HP OpenView SNMP Emanate Master Agent Remote Unauthorized Access (HPSBMA02439 SSRT080082 rev.3)
2010-07-19 00:00:00
HP-UX PHSS_39886 : HP OpenView SNMP Emanate Master Agent Remote Unauthorized Access (HPSBMA02439 SSRT080082 rev.3)
2010-07-19 00:00:00
Multiple Vendor HMAC Authentication SNMPv3 Authentication Bypass
2009-07-31 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SNMPV3
2008-06-10 18:32:00
openvas
openvas
CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386
2009-02-27 00:00:00
RedHat Update for ucd-snmp RHSA-2008:0528-01
2009-03-06 00:00:00
RedHat Update for ucd-snmp RHSA-2008:0528-01
2009-03-06 00:00:00
prion
prion
Authentication flaw
2008-06-10 18:32:00
securityvulns
securityvulns
Multiple SNMPv3 authentication implementations bypass
2008-06-10 00:00:00
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
2008-06-10 00:00:00
Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass (CVE-2008-0960)
2008-06-22 00:00:00
nvd
nvd
CVE-2008-0960
2008-06-10 18:32:00
centos
centos
ucd security update
2008-06-10 23:24:29
net security update
2008-06-10 20:39:52
veracode
veracode
Authentication Bypass
2020-04-10 00:31:19
cve
cve
CVE-2008-0960
2008-06-10 18:32:00
seebug
seebug
Net-SNMP远程绕过认证漏洞
2008-06-14 00:00:00
SNMPv3 HMAC validation error Remote Authentication Bypass Exploit
2008-06-12 00:00:00
cvelist
cvelist
CVE-2008-0960
2008-06-10 18:00:00
ubuntucve
ubuntucve
CVE-2008-0960
2008-06-10 00:00:00
cisco
cisco
SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
exploitdb
exploitdb
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
gentoo
gentoo
Net-SNMP: Multiple vulnerabilities
2008-08-06 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-18.fc9
2008-06-11 04:39:24
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8
2008-06-11 04:39:34
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-8.fc8
2008-11-06 04:05:02
cert
cert
SNMPv3 improper HMAC validation allows authentication bypass
2008-06-10 00:00:00
slackware
slackware
[slackware-security] net-snmp
2008-07-29 05:33:31
oraclelinux
oraclelinux
net-snmp security update
2008-06-10 00:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2008-12-03 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:16
osv
osv
net-snmp - several vulnerabilities
2008-11-09 00:00:00
vmware
vmware
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56