SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044

Published: 2008-07-15 00:00:00
Source: support.f5.com

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.972 High (Percentile: 99.8%)

Information about this advisory is available at the following locations:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960>

<http://www.kb.cert.org/vuls/id/878044>

F5 Product Development tracked this issue as CR99838 for BIG-IP LTM, GTM, ASM, PSM, Link Controller, and WebAccelerator and it was fixed in BIG-IP 9.4.6 and 10.0.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, Link Controller, or WebAccelerator release notes.

This issue was also tracked as CR99838 for Enterprise Manager, and it was fixed in Enterprise Manager 1.7.0. For information about upgrading, refer to the Enterprise Manager release notes.

F5 Product Development tracked this issue as CR100973 for FirePass and it was fixed in FirePass 6.0.3. For information about upgrading, refer to the FirePass release notes.

This issue still exists in the FirePass 5.x branch.

Additionally, this issue was fixed in Hotfix-BIG-IP-9.3.1-HF3 issued for BIG-IP 9.3.1, Hotfix-BIG-IP-9.4.5-HF2 issued for BIG-IP 9.4.5, Hotfix-BIG-IP-9.6.1-HF2 issued for BIG-IP 9.6.1, and FirePass HF-100973 issued for FirePass 6.0.2. You may download these hotfixes or later versions of the hotfixes from the F5 Downloads site.

To view a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.

For information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.

For information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.

Obtaining and installing patches

You can download patches from the F5 Downloads site for the following products and versions:

| Product | Version | Hotfix | Installation File |
| --- | --- | --- | --- |
| FirePass | 5.5.0 | hotfix-100973 | HF-100973-1-5.5-ALL-0.tar.gz.enc |
| FirePass | 5.5.1 | hotfix-100973 | HF-100973-1-5.51-ALL-0.tar.gz.enc |
| FirePass | 5.5.2 | hotfix-100973 | HF-100973-1-5.52-ALL-0.tar.gz.enc |
| FirePass | 6.0.1 | hotfix-100973 | HF-100973-1-6.01-ALL-0.tar.gz.enc |
| FirePass | 6.0.2 | hotfix-100973 | HF-100973-1-6.02-ALL-0.tar.gz.enc |
| BIG-IP SAM | 8.0.0 | Secure Access Manager 8.0.0 HF1 | Hotfix-BIGIP_SAM-8.0.0-1561.0-HF1.im |

Workaround

You can work around this issue for FirePass by disabling the SNMP agent. To disable the SNMP agent, perform the following procedure:

  1. Log on to the FirePass Administrative Console.
  2. Navigate to Device Management > Configuration.
  3. Click SNMP.
  4. If you are running FirePass 6.x, clear the Start SNMP agent check box.
     If you are running FirePass 5.x, clear the Run SNMP agent on port check box.
  5. Click Submit.
