Lucene search
F5F5:K9025HistoryMar 18, 2013 - 12:00 a.m.
K9025 : FirePass SNMP DoS vulnerability
2013-03-1800:00:00
my.f5.com
21
5.9 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.6%
Security Advisory Description
Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.F5 products and versions that have been evaluated for this Security Advisory
| Product | Affected | Not Affected |
|---|---|---|
| BIG-IP LTM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP GTM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP ASM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP Link Controller | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP WebAccelerator | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP PSM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP WAN Optimization | None | 10.x |
| 11.x | ||
| BIG-IP APM | None | 10.x |
| 11.x | ||
| BIG-IP Edge Gateway | None | 10.x |
| 11.x | ||
| BIG-IP Analytics | None | 11.x |
| BIG-IP AFM | None | 11.x |
| BIG-IP PEM | None | 11.x |
| FirePass | 5.5.2 | |
| 6.0.0 - 6.0.2 | 5.5.0 - 5.5.1 | |
| 6.0.3 | ||
| 6.1.x | ||
| 7.x | ||
| Enterprise Manager | None | 1.x |
| 2.x | ||
| 3.x | ||
| ARX | None | 2.x |
| 3.x | ||
| 4.x | ||
| 5.x | ||
| 6.x | ||
| This security advisory describes a FirePass SNMP denial-of-service (DoS) vulnerability. SNMP traversing (walking) the OID branch hrSWInstalled in the MIB**HOST-RESOURCES-MIB **on the FirePass controller causes the FirePass SNMP service to crash. Since SNMP access to the FirePass controller is limited to the host(s) and/or network(s) configured by the FirePass administrator, this vulnerability can only be exploited from a trusted host. Additionally, the SNMP read-only or read-write community string configured on the FirePass controller must be known in order to exploit this vulnerability. | ||
| This SNMP vulnerability can at most cause DoS of the FirePass SNMP service and cannot cause either unprivileged access to the FirePass controller or DoS of other FirePass services. | ||
| Information about this advisory is available at the following location: | ||
| <http://www.securityfocus.com/archive/1/493950/30/0/threaded> | ||
| F5 Product Development tracked this issue as CR102185 and it was fixed in FirePass 6.0.3. For information about upgrading, refer to the FirePass release notes. | ||
| Obtaining and installing patches | ||
| You can download patches from the F5 Downloads site for the following products and versions: | ||
| Product | Version | Hotfix |
| — | — | — |
| FirePass | 5.5.2 | hotfix-100973 |
| FirePass | 6.0.1 | hotfix-100973 |
| FirePass | 6.0.2 | hotfix-100973 |
| Important: Although FirePass 5.5.0 and 5.5.1 are not affected by the SNMP vulnerability described in this security advisory, hotfix-100973 has been issued for FirePass 5.5.0 and 5.5.1 to resolve the vulnerability described in K8939: SNMPv3 HMAC verification vulnerability - CVE-2008-0960 - VU#878044.Note: For more information about installing the hotfixes listed above, refer to the readme file on the F5 Downloads site for your version-specific hotfix. | ||
| For information about downloading software, refer to K167: Downloading software from F5 Networks. | ||
| Workaround | ||
| You can reduce the likelihood of this issue by ensuring that the Accessed from fields on the Device Management : Configuration : SNMP page contain only trusted hosts and networks. TheAccessed fromfields are located in theAccess Control section of the Device Management : Configuration : SNMP page. | ||
| If you do not use the FirePass SNMP agent, you can work around this issue by disabling the SNMP agent. To do so, perform the following procedure: |
- Log on to the FirePass Administrative Console.
- Navigate to Device Management >Configuration>SNMP.
- If you are running FirePass 6.x, clear the Start SNMP agent check box.
If you are running FirePass 5.x, clear the Run SNMP agent on portcheck box.
4. At the bottom of the page, click Submit.
Related
checkpoint_advisories
checkpoint_advisories
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass (CVE-2008-0960)
2008-06-22 00:00:00
openvas
openvas
RedHat Update for ucd-snmp RHSA-2008:0528-01
2009-03-06 00:00:00
CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386
2009-02-27 00:00:00
RedHat Update for ucd-snmp RHSA-2008:0528-01
2009-03-06 00:00:00
nessus
nessus
SNMP Version 3 Authentication Vulnerabilities (cisco-sa-20080610-snmpv3)
2013-12-14 00:00:00
RHEL 2.1 : ucd-snmp (RHSA-2008:0528)
2008-06-12 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
2008-06-10 00:00:00
Multiple SNMPv3 authentication implementations bypass
2008-06-10 00:00:00
ubuntucve
ubuntucve
CVE-2008-0960
2008-06-10 00:00:00
seebug
seebug
SNMPv3 HMAC validation error Remote Authentication Bypass Exploit
2008-06-12 00:00:00
Net-SNMP远程绕过认证漏洞
2008-06-14 00:00:00
f5
f5
K8939 : SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2013-03-19 00:00:00
SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2008-07-15 00:00:00
SOL9025 - FirePass SNMP DoS vulnerability
2008-07-31 00:00:00
cisco
cisco
SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2008-0960
2008-06-04 21:00:00
redhat
redhat
(RHSA-2008:0528) Moderate: ucd-snmp security update
2008-06-10 00:00:00
(RHSA-2008:0529) Moderate: net-snmp security update
2008-06-10 00:00:00
exploitpack
exploitpack
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
debiancve
debiancve
CVE-2008-0960
2008-06-10 18:32:00
veracode
veracode
Authentication Bypass
2020-04-10 00:31:19
cve
cve
CVE-2008-0960
2008-06-10 18:32:00
centos
centos
ucd security update
2008-06-10 23:24:29
net security update
2008-06-10 20:39:52
d2
d2
DSquare Exploit Pack: D2SEC_SNMPV3
2008-06-10 18:32:00
prion
prion
Authentication flaw
2008-06-10 18:32:00
exploitdb
exploitdb
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
cert
cert
SNMPv3 improper HMAC validation allows authentication bypass
2008-06-10 00:00:00
oraclelinux
oraclelinux
net-snmp security update
2008-06-10 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8
2008-06-11 04:39:34
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-18.fc9
2008-06-11 04:39:24
[SECURITY] Fedora 7 Update: net-snmp-5.4-18.fc7
2008-06-11 04:39:52
slackware
slackware
[slackware-security] net-snmp
2008-07-29 05:33:31
gentoo
gentoo
Net-SNMP: Multiple vulnerabilities
2008-08-06 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:16
osv
osv
net-snmp - several vulnerabilities
2008-11-09 00:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2008-12-03 00:00:00
vmware
vmware
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56
5.9 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.6%
Related for F5:K9025