• OAAIS Home
• Service Catalog
• News
• Projects

Critical Security Alert: SNMPv3 Authentication Bypass Vulnerability

SECURITY UPDATE:

The United States Computer Emergency Readiness Team (US-CERT) reported a vulnerability in the way implementations of Simple Network Management Protocol (SNMP)v3 handles specially crafted packets.  SNMP is a widely deployed protocol that is commonly used to monitor and manage network devices.

This vulnerability allows attackers to read and modify any SNMP object that can be accessed using the authentication credentials that got them into the system. Attackers exploiting this vulnerability can view and modify the configuration of these devices.

NOTE:  Attackers must gain access using credentials with write privileges in order to modify configurations.

For a complete description of the vulnerability, refer to US-CERT's “Technical Cyber Security Alert TA08-162A." 

AFFECTED SOFTWARE:
Multiple Implementations of SNMPv3

SOLUTION:

• Upgrade
  Consult with your vendor for more information.

• Apply a patch
  Net-SNMP has released a patch to address this issue.  For more information, refer to SECURITY RELEASE: Multiple Net-SNMP Versions Released. Users are encouraged to apply the patch as soon as possible.

• Enable the SNMPv3 privacy subsystem
  The configuration should be modified to enable the SNMPv3 privacy subsystem to encrypt the SNMPv3 traffic using a secret, private key. This option does not encrypt the HMAC, but does minimize the possible affects from this vulnerability.

ADDITIONAL INFORMATION:

Enterprise Information Security
http://security.ucsf.edu 

US-CERT Technical Cyber Security Alerts
http://www.us-cert.gov/cas/techalerts/

Please tell us what you think of our website

The University of California, San Francisco, CA 94143, 415/476-9000
Copyright © 2009, The Regents of the University of California.