[nsp-sec] Cisco Security Advisory: SNMP Version 3Authentication Vulnerabilities

Smith, Donald Donald.Smith at qwest.com
Wed Jun 11 08:30:18 EDT 2008 

Since this is a one byte HMAC hash attack it seems you would have to have an HMAC configured to get a match.
Thus I believe you have to have configured snmpv3 in order to be vulnerable. 
 
donald.smith at qwest.com giac

________________________________

From: nsp-security-bounces at puck.nether.net on behalf of Eli Dart
Sent: Tue 6/10/2008 5:26 PM
To: nsp-security at puck.nether.net
Subject: Re: [nsp-sec] Cisco Security Advisory: SNMP Version 3Authentication Vulnerabilities



----------- nsp-security Confidential --------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


[snip]

> Multiple Cisco products contain either of two authentication
> vulnerabilities in the Simple Network Management Protocol version 3
> (SNMPv3) feature. These vulnerabilities can be exploited when
> processing a malformed SNMPv3 message. These vulnerabilities could
> allow the disclosure of network information or may enable an attacker
> to perform configuration changes to vulnerable devices. The SNMP
> server is an optional service that is disabled by default in Cisco
> products. Only SNMPv3 is impacted by these vulnerabilities.
            ^^^^^^^^^^^^^^^^^^^^^^^^

Does this mean that only SNMPv3 packets can exploit the vulnerability,
or that the router must be configured for SNMPv3 in order to be vulnerable?

For example, changing to a different version of SNMP is not listed in
the workarounds section.


                --eli

- --
Eli Dart                                         Office: (510) 486-5629
ESnet Network Engineering Group                  Fax:    (510) 486-6712
Lawrence Berkeley National Laboratory
PGP Key fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkhPDZIACgkQLTFEeF+CsrPjNgCgxyL8Ylw6BbogHLBg359t3SZX
yDgAn14tHx7X+H7jpSp9t0UcSbu6jUgx
=x9vL
-----END PGP SIGNATURE-----


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________




This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

More information about the nsp-security mailing list