Impact
authentication bypass, denial-of-service
Solution
Please install the updated packages.
Insight
The net-snmp daemon implements the "simple network management protocol".
SNMP version 3 as implemented in net-snmp uses the length of the HMAC supplied in a packet when verifying it against the local HMAC for authentication.
An attacker can therefore send an SNMPv3 packet with a one-byte HMAC and guess the correct first byte of the local HMAC with at most 256 packets.
Additionally, a buffer overflow in perl-snmp that can cause a denial-of-service/crash was fixed.
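The length-trusting HMAC check described above, next to a fixed-length check, as an added C example that is not net-snmp's code. The function names and sample bytes are hypothetical; the 12-byte length assumes the HMAC-MD5-96 / HMAC-SHA-96 authentication protocols of RFC 3414.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: HMAC-MD5-96 / HMAC-SHA-96 (RFC 3414) carry a 12-byte MAC. */
#define USM_MAC_LEN 12

/* Constructed sample values, not taken from any real packet. */
static const unsigned char sample_local_mac[USM_MAC_LEN] =
    {0xa1, 0x5c, 0x0e, 0x77, 0x32, 0x9b, 0xd4, 0x10, 0x6f, 0x88, 0x21, 0xc3};
static const unsigned char sample_one_byte[1] = {0xa1};
static const unsigned char sample_wrong_full[USM_MAC_LEN] =
    {0xa1, 0x5c, 0x0e, 0x77, 0x32, 0x9b, 0xd4, 0x10, 0x6f, 0x88, 0x21, 0xc4};

/* Flawed pattern (hypothetical helper): the number of bytes compared is
 * whatever length the packet declares, so a short MAC only has to match
 * a prefix of the locally computed value. */
int check_mac_trusting_length(const unsigned char *local_mac,
                              const unsigned char *pkt_mac, size_t pkt_mac_len)
{
    if (pkt_mac_len == 0 || pkt_mac_len > USM_MAC_LEN)
        return 0;
    return memcmp(local_mac, pkt_mac, pkt_mac_len) == 0;
}

/* Hardened form (hypothetical helper): reject any MAC that is not exactly
 * the expected length, then compare every byte without an early exit. */
int check_mac_fixed_length(const unsigned char *local_mac,
                           const unsigned char *pkt_mac, size_t pkt_mac_len)
{
    unsigned char diff = 0;
    size_t i;

    if (pkt_mac_len != USM_MAC_LEN)
        return 0;
    for (i = 0; i < USM_MAC_LEN; i++)
        diff |= (unsigned char)(local_mac[i] ^ pkt_mac[i]);
    return diff == 0;
}

int main(void)
{
    printf("one-byte MAC, length-trusting check: %d\n",
           check_mac_trusting_length(sample_local_mac, sample_one_byte, 1));
    printf("one-byte MAC, fixed-length check:    %d\n",
           check_mac_fixed_length(sample_local_mac, sample_one_byte, 1));
    return 0;
}
```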
Affected
net-snmp on openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SLE SDK 10 SP2, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise Server 10 SP2
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-0960, CVE-2008-1290, CVE-2008-1291, CVE-2008-1292, CVE-2008-2292
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C