Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-310
Vulnerability from certfr_avis
Une vulnérabilité affectant des produits Cisco permet à une personne malintentionnée de contourner la politique de sécurité.
Description
La vulnérabilité détaillée dans l'avis CERTA-2008-AVI-302 du 10 juin 2008 affecte également certains produits Cisco. Ainsi, une personne malveillante peut usurper des paquets en envoyant des messages d'authentification HMAC spécialement construits.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco CATOS 6.x, 7.x, 8.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cicso Application Control Engine XML Gateway ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Control Engine Appliance ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS 4.x ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SAN-OS 2.x, 3.x (MDS 9000).",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS 12.x, R12.x, XR 3.x ;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLa vuln\u00e9rabilit\u00e9 d\u00e9taill\u00e9e dans l\u0027avis CERTA-2008-AVI-302 du 10 juin\n2008 affecte \u00e9galement certains produits Cisco. Ainsi, une personne\nmalveillante peut usurper des paquets en envoyant des messages\nd\u0027authentification HMAC sp\u00e9cialement construits.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-0960",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0960"
}
],
"initial_release_date": "2008-06-11T00:00:00",
"last_revision_date": "2008-06-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080610-snmpv3 du 10 juin 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"title": "Document du CERTA CERTA-2008-AVI-302 du 10 juin 2008 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-302/index.html"
}
],
"reference": "CERTA-2008-AVI-310",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 affectant des produits Cisco permet \u00e0 une personne\nmalintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits CISCO",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis cisco-sa-20080610-snmpv3",
"url": null
}
]
}
CVE-2008-0960 (GCVE-0-2008-0960)
Vulnerability from cvelistv5
Published
2008-06-10 18:00
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-0960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30615"
},
{
"name": "http://support.apple.com/kb/HT2163",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30648"
},
{
"name": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"refsource": "MLIST",
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-006.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30802"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=833770",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-0960",
"datePublished": "2008-06-10T18:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…