[nsp-sec] Juniper Networks advisory re SNMPv3

Smith, Donald Donald.Smith at qwest.com
Tue Jun 10 16:34:02 EDT 2008


Thanks Paul that helps a lot!!
I know how your name got in there and REALLY do appreciate you building
those specials for us late last year!!


Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: Paul Goyette [mailto:pgoyette at juniper.net] 
> Sent: Tuesday, June 10, 2008 2:30 PM
> To: Smith, Donald; nsp-security at puck.nether.net
> Subject: RE: [nsp-sec] Juniper Networks advisory re SNMPv3
> 
> I didn't actually build it, I just invoked the standard
> "build everything" script!  (And in the future, I'll be
> changing my name to 'jtac-builder' to avoid confusion
> and liability :)  !)
> 
> All of our released software uses the Epilogue SNMP 
> library.  We're switching to net-snmp in 9.2 IIRC.
> 
> Paul Goyette
> Juniper Networks Customer Service
> JTAC Senior Escalation Engineer
> Juniper Security Incident Response Team
> PGP Key ID 0x53BA7731 Fingerprint:
>   FA29 0E3B 35AF E8AE 6651
>   0786 F758 55DE 53BA 7731 
> 
> > -----Original Message-----
> > From: Smith, Donald [mailto:Donald.Smith at qwest.com] 
> > Sent: Tuesday, June 10, 2008 12:56 PM
> > To: Paul Goyette; nsp-security at puck.nether.net
> > Subject: RE: [nsp-sec] Juniper Networks advisory re SNMPv3
> > 
> > Which snmpd does JUNOS use?
> > The reason I ask is net-snmp is often included with various flavors of
> > BSD.
> > 
> > The reason I ask you is you appear to have built it;)
> > SNMPD release 7.4I0 built by pgoyette on 2007-12-13 04:57:17 UTC
> > 
> > 
> > 
> > Security through obscurity WORKS against some worms and ssh attacks:)
> > Donald.Smith at qwest.com giac 
> > 
> > > -----Original Message-----
> > > From: nsp-security-bounces at puck.nether.net 
> > > [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> > > Paul Goyette
> > > Sent: Tuesday, June 10, 2008 12:23 PM
> > > To: nsp-security at puck.nether.net
> > > Subject: [nsp-sec] Juniper Networks advisory re SNMPv3
> > > 
> > > ----------- nsp-security Confidential --------
> > > 
> > > Looks like Juniper got lucky this time.  Only one of our
> > > products is affected, and it's probably not widely used
> > > in the Service Provider space...
> > > 
> > > 	PSN-2008-06-005 
> > > 	Title:              Authentication vulnerability in some 
> > > 	                    implementations of SNMPv3 (CERT/CC 
> > > 	                    VU#878044) 
> > > 	Products Affected:  C-series Session and Resource Control 
> > > 	                    appliances 
> > > 	Platforms Affected: SRC Software 
> > >  
> > > 	Issue
> > > 	-----
> > > 	Certain implementations of SNMPv3 have a minor deficiency 
> > > 	in the way HMAC authentication is performed. This can lead 
> > > 	to isolated cases of spoofed SNMPv3 authentication. 
> > > 
> > > 	This issue is tracked in TIC.14989 and TIC.14990 for the
> > > 	C-series Session and Resource Control appliances running 
> > > 	SRC. US-CERT has assigned VU#878044 to track this 
> > > 	vulnerability. 
> > > 
> > > 	No other Juniper Networks products are affected by this 
> > > 	vulnerability. 
> > > 
> > > 	Solution
> > > 	--------
> > > 	The code has been modified to properly perform HMAC 
> > > 	authentication. These modifications eliminate this method 
> > > 	of being erroneously authenticated to the device. 
> > > 
> > > 	Solution Implementation
> > > 	-----------------------
> > > 	Customers running SRC 1.0.0, 1.0.1, or 2.0.0 should contact 
> > > 	Juniper Networks Customer Support to obtain updated versions 
> > > 	of the software for the C-series platform. Customers 
> > > 	utilizing a C-series Session and Resource Control appliance 
> > > 	should upgrade their software to a release dated after June 
> > > 	13, 2008. 
> > > 
> > > 	Workarounds
> > > 	-----------
> > > 	There are several mitigation techniques available to avoid 
> > > 	this authentication vulnerability: 
> > > 
> > > 	* Disable SNMPv3 on the affected device. 
> > > 	* Restrict access to SNMPv3 via access lists. 
> > > 
> > > 	Disclaimer
> > > 	----------
> > > 	Juniper Networks is providing this notice on an "AS IS" basis. 
> > > 	No warranty or guarantee of any kind is expressed in this 
> > > 	notice and none should be implied. Juniper Networks expressly 
> > > 	excludes and disclaims any warranties regarding this notice or 
> > > 	materials referred to in this notice, including, without 
> > > 	limitation, any implied warranty of merchantability, fitness 
> > > 	for a particular purpose, absence of hidden defects, or of 
> > > 	noninfringement. Your use or reliance on this notice or 
> > > 	materials referred to in this notice is at your own risk. 
> > > 	Juniper Networks may change this notice at any time. 
> > >  
> > > 
> > > Paul Goyette
> > > Juniper Networks Customer Service
> > > JTAC Senior Escalation Engineer
> > > Juniper Security Incident Response Team
> > > PGP Key ID 0x53BA7731 Fingerprint:
> > >   FA29 0E3B 35AF E8AE 6651
> > >   0786 F758 55DE 53BA 7731
> > > 
> > > 
> > > _______________________________________________
> > > nsp-security mailing list
> > > nsp-security at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/nsp-security
> > > 
> > > Please do not Forward, CC, or BCC this E-mail outside of the 
> > > nsp-security
> > > community. Confidentiality is essential for effective 
> > > Internet security counter-measures.
> > > _______________________________________________
> > > 
> > > 
> > 
> > 
> > This communication is the property of Qwest and may contain 
> > confidential or
> > privileged information. Unauthorized use of this 
> > communication is strictly 
> > prohibited and may be unlawful.  If you have received this 
> > communication 
> > in error, please immediately notify the sender by reply 
> > e-mail and destroy 
> > all copies of the communication and any attachments.
> > 
> 
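
An added example, not part of the thread and not Juniper's or any vendor's code: the advisory quoted above says the fix makes the device "properly perform HMAC authentication". The sketch below assumes the failure mode given in the public description of VU#878044 (the verifier compares only as many MAC octets as the received authentication field contains) and sets it beside a check that insists on the full 12-octet truncated HMAC. Function names, key and message bytes are constructed for illustration.

```python
import hmac

MAC_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 carry a 12-octet truncated MAC (RFC 3414)

# Constructed sample inputs: a localized auth key and a message whose
# authentication-parameters field has already been zero-filled.
KEY = bytes(range(20))
MSG = b"constructed SNMPv3 message with zeroed auth parameters"


def expected_mac(auth_key: bytes, msg_zeroed: bytes) -> bytes:
    """HMAC-SHA1 over the zero-filled message, truncated to 12 octets."""
    return hmac.new(auth_key, msg_zeroed, "sha1").digest()[:MAC_LEN]


def verify_flawed(auth_key: bytes, msg_zeroed: bytes, received: bytes) -> bool:
    """Flawed pattern: the comparison length comes from the received field."""
    exp = expected_mac(auth_key, msg_zeroed)
    return exp[:len(received)] == received


def verify_fixed(auth_key: bytes, msg_zeroed: bytes, received: bytes) -> bool:
    """Hardened: length is fixed by the protocol, compare in constant time."""
    if len(received) != MAC_LEN:
        return False
    return hmac.compare_digest(expected_mac(auth_key, msg_zeroed), received)


def count_accepted_one_octet(verify) -> int:
    """Audit helper: how many of the 256 one-octet MACs does a verifier accept?"""
    return sum(verify(KEY, MSG, bytes([b])) for b in range(256))


if __name__ == "__main__":
    print("flawed verifier accepts", count_accepted_one_octet(verify_flawed),
          "of 256 one-octet MACs")
    print("fixed verifier accepts", count_accepted_one_octet(verify_fixed),
          "of 256 one-octet MACs")
```

The same length check is what to look for when reviewing an SNMPv3 agent or when inspecting captured traffic: an authenticated message whose authentication field is shorter than 12 octets should never be accepted.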


