{"sourceData": "\n #############################################################################\n# #\n# snmpv3_exp.sh exploit the vulnerability described in CVE-2008-0960, the #\n# HMAC check problem (on multiple vendor) #\n# #\n# Copyright (c) 2008 @ Mediaservice.net Srl. All rights reserved #\n# Wrote by Maurizio Agazzini <inode[at]mediaservice.net> #\n# http://lab.mediaservice.net/ #\n# #\n#############################################################################\n\nhttp://milw0rm.com/sploits/2008-snmpv3_exp.tgz\n\n# milw0rm.com [2008-06-12]\n\n ", "status": "poc", "history": [], "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-17266", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-17266", "type": "seebug", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "viewCount": 1, "references": [], "lastseen": "2017-11-19T21:40:29", "published": "2008-06-12T00:00:00", "objectVersion": "1.4", "cvelist": ["CVE-2008-0960"], "id": "SSV:17266", "enchantments_done": [], "modified": "2008-06-12T00:00:00", "title": "SNMPv3 HMAC validation error Remote Authentication Bypass Exploit", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "bulletinFamily": "exploit", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0960"]}, {"type": "f5", "idList": ["F5:K8939", "SOL8939", "SOL9025", "F5:K9025"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19997", "SECURITYVULNS:DOC:20005", "SECURITYVULNS:VULN:9069", "SECURITYVULNS:DOC:20828"]}, {"type": "d2", "idList": ["D2SEC_SNMPV3"]}, {"type": "redhat", "idList": ["RHSA-2008:0528", "RHSA-2008:0529"]}, {"type": "nessus", "idList": ["CISCO-SA-20080610-SNMPV3-IOSXR.NASL", "F5_BIGIP_SOL8939.NASL", "REDHAT-RHSA-2008-0528.NASL", "HPUX_PHSS_39886.NASL", "CISCO-SA-20080610-SNMPV3-NXOS.NASL", "SNMPV3_AUTHENTICATION_BYPASS.NASL", "CISCO-SA-20080610-SNMPV3HTTP.NASL", "HPUX_PHSS_39887.NASL", "SL_20080610_NET_SNMP_ON_SL3_X.NASL", "SLACKWARE_SSA_2008-210-07.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:880205", "OPENVAS:1361412562310870049", "OPENVAS:1361412562310880205", "OPENVAS:870049", "OPENVAS:860895", "OPENVAS:1361412562310830748", "OPENVAS:61393", "OPENVAS:860899", "OPENVAS:136141256231065573", "OPENVAS:136141256231061471"]}, {"type": "cisco", "idList": ["CISCO-SA-20080610-SNMPV3"]}, {"type": "exploitdb", "idList": ["EDB-ID:5790"]}, {"type": "seebug", "idList": ["SSV:3418"]}, {"type": "centos", "idList": ["CESA-2008:0528-01", "CESA-2008:0529"]}, {"type": "gentoo", "idList": ["GLSA-200808-02"]}, {"type": "cert", "idList": ["VU:878044"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0529"]}, {"type": "slackware", "idList": ["SSA-2008-210-07"]}, {"type": "ubuntu", "idList": ["USN-685-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1663-1:B5819"]}, {"type": "vmware", "idList": ["VMSA-2008-0017", "VMSA-2008-0013"]}, {"type": "suse", "idList": ["SUSE-SA:2008:039"]}], "modified": "2017-11-19T21:40:29"}, "vulnersScore": 7.5}, "_object_type": "robots.models.seebug.SeebugBulletin"}

{"cve": [{"lastseen": "2018-11-01T05:11:55", "bulletinFamily": "NVD", "description": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.", "modified": "2018-10-30T12:25:36", "published": "2008-06-10T14:32:00", "id": "CVE-2008-0960", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0960", "title": "CVE-2008-0960", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2019-02-20T21:07:55", "bulletinFamily": "software", "description": "", "modified": "2018-03-16T20:28:00", "published": "2008-07-16T04:00:00", "id": "F5:K8939", "href": "https://support.f5.com/csp/article/K8939", "title": "SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-03T05:28:01", "bulletinFamily": "software", "description": "Information about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960>\n\n<http://www.kb.cert.org/vuls/id/878044>\n\nF5 Product Development\u00c2 tracked this issue as CR99838 for\u00c2 BIG-IP LTM, GTM, ASM, PSM, Link Controller, and WebAccelerator and it was fixed in BIG-IP 9.4.6 and 10.0.0. For information about upgrading, refer to the BIG-IP [LTM](<https://support.f5.com/content/kb/en-us/products/big-ip_ltm.html>), [GTM](<https://support.f5.com/content/kb/en-us/products/big-ip_gtm.html>), [ASM](<https://support.f5.com/content/kb/en-us/products/big-ip_asm.html>), [PSM](<https://support.f5.com/content/kb/en-us/products/big-ip_psm.html>), [Link Controller](<https://support.f5.com/content/kb/en-us/products/lc_9_x.html>), or [WebAccelerator](<https://support.f5.com/content/kb/en-us/products/wa.html>) release notes.\n\nThis issue was also tracked as CR99838 for Enterprise Manager, and it was fixed in Enterprise Manager 1.7.0.\u00c2 For information about upgrading, refer to the [Enterprise Manager](<https://support.f5.com/content/kb/en-us/products/em.html>) release notes.\n\nF5 Product Development tracked this issue as CR100973 for FirePass and it was fixed in FirePass 6.0.3. For information about upgrading, refer to the [FirePass](<https://support.f5.com/kb/en-us/products/firepass.html>) release notes.\n\nThis issue still exists in the FirePass 5.x branch.\n\nAdditionally, this\u00c2 issue was fixed in Hotfix-BIG-IP-9.3.1-HF3 issued for BIG-IP 9.3.1, Hotfix-BIG-IP-9.4.5-HF2 issued for BIG-IP 9.4.5, Hotfix-BIG-IP-9.6.1-HF2 issued for BIG-IP 9.6.1, and FirePass HF-100973 issued for FirePass 6.0.2. You may download these hotfixes or later versions of the hotfixes from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nTo view a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\nObtaining and installing patches\n\nYou can download patches from the F5 [Downloads](<https://downloads.f5.com/esd/index.jsp>) site for the following products and versions:\n\nProduct| Version| Hotfix| Installation File \n---|---|---|--- \nFirePass| 5.5.0| hotfix-100973| HF-100973-1-5.5-ALL-0.tar.gz.enc \nFirePass| 5.5.1| hotfix-100973| HF-100973-1-5.51-ALL-0.tar.gz.enc \nFirePass| 5.5.2| hotfix-100973| HF-100973-1-5.52-ALL-0.tar.gz.enc \nFirePass| 6.0.1| hotfix-100973| HF-100973-1-6.01-ALL-0.tar.gz.enc \nFirePass| 6.0.2| hotfix-100973| HF-100973-1-6.02-ALL-0.tar.gz.enc \nBIG-IP SAM| 8.0.0| Secure Access Manager 8.0.0 HF1| Hotfix-BIGIP_SAM-8.0.0-1561.0-HF1.im \n \nWorkaround\n\nYou can work around this issue for FirePass by disabling the SNMP agent. To disable the SNMP agent, perform the following procedure:\n\n 1. Log on to the FirePass Administrative Console.\n 2. Navigate to **Device Management** &gt; **Configuration**.\n 3. Click **SNMP**.\n 4. If you are running FirePass 6.x, clear the **Start SNMP agent** check box. \n \nIf you are running FirePass 5.x, clear the **Run SNMP agent on port **check box.\n 5. Click **Submit**.\n", "modified": "2016-07-25T00:00:00", "published": "2008-07-15T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/8000/900/sol8939.html", "id": "SOL8939", "type": "f5", "title": "SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-05T13:26:29", "bulletinFamily": "software", "description": "This SNMP vulnerability can at most cause DoS of the FirePass SNMP service and cannot cause either unprivileged access to the FirePass controller or DoS of other FirePass services.\n\nInformation about this advisory is available at the following location:\n\n<http://www.securityfocus.com/archive/1/493950/30/0/threaded>\n\nF5 Product Development\u00c2 tracked this issue as CR102185 and it was fixed in\u00c2 FirePass 6.0.3. For information about upgrading, refer to the\u00c2 [FirePass](<https://support.f5.com/content/kb/en-us/products/firepass.html>) release notes.\n\nObtaining and installing patches\n\nYou can download patches from the F5 [Downloads](<https://downloads.f5.com/esd/index.jsp>) site for the following products and versions:\n\nProduct| Version| Hotfix| Installation File \n---|---|---|--- \nFirePass| 5.5.2| hotfix-100973| HF-100973-1-5.52-ALL-0.tar.gz.enc \nFirePass| 6.0.1| hotfix-100973| HF-100973-1-6.01-ALL-0.tar.gz.enc \nFirePass| 6.0.2| hotfix-100973| HF-100973-1-6.02-ALL-0.tar.gz.enc \n \n**Important**: Although FirePass 5.5.0 and 5.5.1 are not affected by the SNMP vulnerability described in this security advisory, hotfix-100973 has been issued for FirePass 5.5.0 and 5.5.1 to resolve the vulnerability described in SOL8939: SNMPv3 HMAC verification vulnerability - CVE-2008-0960 - VU#878044.\n\n**Note**: For more information about installing the hotfixes listed above, refer to the readme file on the F5 [Downloads](<https://downloads.f5.com/esd/index.jsp>) site for your version-specific hotfix.\n\nFor information about downloading software, refer to SOL167: Downloading software from F5 Networks.\n\nWorkaround\n\nYou can reduce the likelihood of this issue by ensuring that the **Accessed from** fields on the Device Management : Configuration : SNMP page contain only trusted hosts and networks. The **Accessed from** fields are located in the **Access Control** section of the Device Management : Configuration : SNMP page.\n\nIf you do not use the FirePass SNMP agent, you can work around this issue by disabling the SNMP agent. To do so, perform the following procedure:\n\n 1. Log on to the FirePass Administrative Console.\n 2. Navigate to **Device Management** &gt; **Configuration** &gt; **SNMP**.\n 3. If you are running FirePass 6.x, clear the **Start SNMP agent** check box. \n \nIf you are running FirePass 5.x, clear the **Run SNMP agent on port **check box.\n 4. At the bottom of the page, click **Submit**.\n", "modified": "2016-07-25T00:00:00", "published": "2008-07-31T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/9000/000/sol9025.html", "id": "SOL9025", "title": "SOL9025 - FirePass SNMP DoS vulnerability", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-20T21:07:43", "bulletinFamily": "software", "description": "", "modified": "2018-07-27T22:28:00", "published": "2008-08-01T04:00:00", "id": "F5:K9025", "href": "https://support.f5.com/csp/article/K9025", "title": "FirePass SNMP DoS vulnerability", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:20:31", "bulletinFamily": "scanner", "description": "Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. The vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document. Note: SNMP versions 1, 2 and 2c are not impacted by these vulnerabilities. The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044.", "modified": "2018-11-15T00:00:00", "id": "CISCO-SA-20080610-SNMPV3-IOSXR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71433", "published": "2013-12-14T00:00:00", "title": "SNMP Version 3 Authentication Vulnerabilities (cisco-sa-20080610-snmpv3)", "type": "nessus", "sourceData": "#TRUSTED 230cb5de09e9e006c1cc3f418f97a190742bb54d437019d17cc2b012781358d4bd1556f70008c8d30c1f2253cc8d564d531280390840311e4fc76c452d3984b5d25d656c2124db14af7c4f305ecbf145beb7e3dfedbf46be275887c1b8a2719dc696e65edf2ac739edb85594541a89dccf81cd6c4b55c376bae3c3e3f96422065d7edd22caef73842932188962e5f9a12ac894114617864c49a8b81b2e69f391ac6b78a2737b6aaf30c5a9dab72f9a7b156b605fd9c47751f6dd213b4870568552ced424e3ed5eb9894a357c9f722f8e03db0e3b9629b7b192adb0ef0ddf68a6b4129669bb7c5bca64f42338d38689e0ed44ae115ace42fbc290d092ccf56c65433bc94c6280638fc75ac0a2f312bf4ab2e39172e3527d53183269dc24e801dd9f58d1b11f98134c0fa049b2d534cf4b1cdcacff7af8c802277ab56cf4433156af9e5a1227c3966ff0472be218060b99419c1e6505e527b2ff1e6fbefda6908bb496d330bab30bd9d14d895798569680562401c1735b78d96731cd8de674b833f626bc5fa240d8a91ab6b81548ab8a8033e7f46d7ff470a52735a288fd47b7ccd08c4cde14458f1d944a01faeead2bc141d69f644510ae7a51a151d75588a46554bc0a759fa6649c44c39fe66cf7a7cfd929acde86f7ad5c791c43505f4a7b92ee60b16f1869044418a9578b1aa47884c3d50b670f8522475e6786d9f57e58bd\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Cisco Security Advisory cisco-sa-20080610-snmpv3.\n# The text itself is copyright (C) Cisco\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71433);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/11/15\");\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCsf30109\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20080610-snmpv3\");\n script_xref(name:\"CERT\", value:\"878044\");\n script_xref(name:\"EDB-ID\", value:\"5790\");\n\n script_name(english:\"SNMP Version 3 Authentication Vulnerabilities (cisco-sa-20080610-snmpv3)\");\n script_summary(english:\"Checks the IOS XR version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple Cisco products contain either of two authentication\nvulnerabilities in the Simple Network Management Protocol version 3\n(SNMPv3) feature. These vulnerabilities can be exploited when\nprocessing a malformed SNMPv3 message. The vulnerabilities could allow\nthe disclosure of network information or may enable an attacker to\nperform configuration changes to vulnerable devices. The SNMP server is\nan optional service that is disabled by default in Cisco products. Only\nSNMPv3 is impacted by these vulnerabilities. Workarounds are available\nfor mitigating the impact of the vulnerabilities described in this\ndocument. Note: SNMP versions 1, 2 and 2c are not impacted by these\nvulnerabilities. The United States Computer Emergency Response Team\n(US-CERT) has assigned Vulnerability Note VU#878044.\"\n );\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0784818d\");\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Apply the relevant patch referenced in Cisco Security Advisory\ncisco-sa-20080610-snmpv3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios_xr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CISCO\");\n\n script_dependencies(\"cisco_ios_xr_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nflag = 0;\nreport = \"\";\noverride = 0;\n\ncbi = \"CSCsf30109\";\n\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS-XR/Version\");\nif ((cisco_gen_ver_compare(a:version, b:\"3.3.1\") >= 0) && (cisco_gen_ver_compare(a:version, b:\"3.3.2\") == -1)) flag ++;\nfixed_ver = \"3.3.2.6\";\n\nif (get_kb_item(\"Host/local_checks_enabled\"))\n{\n if (flag)\n {\n flag = 0;\n buf = cisco_command_kb_item(\"Host/Cisco/Config/show_snmp_group\", \"show snmp group\");\n if (check_cisco_result(buf))\n {\n if (preg(multiline:TRUE, pattern:\"[Ss]ecurity\\s+[Mm]odel:usm\", string:buf)) { flag = 1; }\n } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }\n }\n}\n\nif (flag)\n{\n report =\n '\\n Cisco Bug ID : ' + cbi +\n '\\n Installed Release : ' + version +\n '\\n Fixed Release : ' + fixed_ver + '\\n';\n\n security_hole(port:0, extra:report + cisco_caveat(override));\n exit(0);\n\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:59", "bulletinFamily": "scanner", "description": "Updated ucd-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Simple Network Management Protocol (SNMP) is a protocol used for network management.\n\nA flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could use this flaw to spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n\nAll users of ucd-snmp should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2008-0528.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33156", "published": "2008-06-12T00:00:00", "title": "RHEL 2.1 : ucd-snmp (RHSA-2008:0528)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0528. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33156);\n script_version (\"1.33\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"RHSA\", value:\"2008:0528\");\n\n script_name(english:\"RHEL 2.1 : ucd-snmp (RHSA-2008:0528)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ucd-snmp packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Simple Network Management Protocol (SNMP) is a protocol used for\nnetwork management.\n\nA flaw was found in the way ucd-snmp checked an SNMPv3 packet's\nKeyed-Hash Message Authentication Code (HMAC). An attacker could use\nthis flaw to spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n\nAll users of ucd-snmp should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0528\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected ucd-snmp, ucd-snmp-devel and / or ucd-snmp-utils\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ucd-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ucd-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ucd-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0528\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ucd-snmp-4.2.5-8.AS21.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ucd-snmp-devel-4.2.5-8.AS21.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ucd-snmp-utils-4.2.5-8.AS21.7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucd-snmp / ucd-snmp-devel / ucd-snmp-utils\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:31", "bulletinFamily": "scanner", "description": "SNMPv3 HMAC verification relies on the client to specify the HMAC length. This flexibility allows remote attackers to bypass SNMP authentication by specifying a length value of 1 , which only checks the first byte.", "modified": "2019-01-04T00:00:00", "id": "F5_BIGIP_SOL8939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78225", "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : SNMPv3 HMAC verification vulnerability (SOL8939)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL8939.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78225);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"CERT\", value:\"878044\");\n\n script_name(english:\"F5 Networks BIG-IP : SNMPv3 HMAC verification vulnerability (SOL8939)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SNMPv3 HMAC verification relies on the client to specify the HMAC\nlength. This flexibility allows remote attackers to bypass SNMP\nauthentication by specifying a length value of 1 , which only checks\nthe first byte.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K8939\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL8939.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL8939\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.3.1HF3\",\"9.4.5HF2\",\"9.4.6-9.4.8\",\"10\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.3.1HF3\",\"9.4.5HF2\",\"9.4.6-9.4.8\",\"10\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.3.1HF3\",\"9.4.5HF2\",\"9.4.6-9.4.8\",\"10\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.5\",\"9.6.0-9.6.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.3.1HF3\",\"9.4.5HF2\",\"9.4.6-9.4.8\",\"9.6.1HF2\",\"10\",\"11\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.5HF2\",\"9.4.6-9.4.8\",\"10\",\"11\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.0-9.4.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"9.4.5HF2\",\"9.4.6-9.4.8\",\"10\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:37", "bulletinFamily": "scanner", "description": "s700_800 11.X OV EMANATE15.3 PA-RISC Consolidated Patch 6 : \n\nA potential vulnerability has been identified with HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows.\nThe vulnerability could be exploited remotely to gain unauthorized access.", "modified": "2018-07-12T00:00:00", "id": "HPUX_PHSS_39886.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47753", "published": "2010-07-19T00:00:00", "title": "HP-UX PHSS_39886 : HP OpenView SNMP Emanate Master Agent Remote Unauthorized Access (HPSBMA02439 SSRT080082 rev.3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_39886. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47753);\n script_version(\"1.28\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"HP\", value:\"emr_na-c01757418\");\n script_xref(name:\"HP\", value:\"SSRT080082\");\n\n script_name(english:\"HP-UX PHSS_39886 : HP OpenView SNMP Emanate Master Agent Remote Unauthorized Access (HPSBMA02439 SSRT080082 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV EMANATE15.3 PA-RISC Consolidated Patch 6 : \n\nA potential vulnerability has been identified with HP OpenView SNMP\nEmanate Master Agent Running on HP-UX, Linux, Solaris, and Windows.\nThe vulnerability could be exploited remotely to gain unauthorized\naccess.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01757418\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5cc54a7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_39886 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/21\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11 11.23 11.31\", proc:\"parisc\"))\n{\n exit(0, \"The host is not affected since PHSS_39886 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_39886\", \"PHSS_41032\", \"PHSS_41556\", \"PHSS_42775\", \"PHSS_43156\", \"PHSS_43646\", \"PHSS_43817\", \"PHSS_44264\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.11.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.31.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.11.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.31.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.11.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.31.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.11.00\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.31.01\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:14", "bulletinFamily": "scanner", "description": "SNMPv3 HMAC verification relies on the client to specify the HMAC length. This makes it possible for remote attackers to bypass SNMP authentication via repeated attempts with a HMAC length value of 1, which causes only the first byte of the authentication hash to be checked. \n\nThis issue affects SNMP implementations from multiple vendors.", "modified": "2018-07-30T00:00:00", "id": "SNMPV3_AUTHENTICATION_BYPASS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40449", "published": "2009-07-31T00:00:00", "title": "Multiple Vendor HMAC Authentication SNMPv3 Authentication Bypass", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40449);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"CERT\", value:\"878044\");\n script_xref(name:\"EDB-ID\", value:\"5790\");\n\n script_name(english:\"Multiple Vendor HMAC Authentication SNMPv3 Authentication Bypass\");\n script_summary(english:'Makes repeated attempts to authenticate with a single character authentication hash.' );\n\n script_set_attribute(attribute:'synopsis', value:\n\"The SNMP server running on this host is affected by an authentication\nbypass vulnerability.\");\n script_set_attribute(attribute:'description', value:\n\"SNMPv3 HMAC verification relies on the client to specify the HMAC\nlength. This makes it possible for remote attackers to bypass SNMP\nauthentication via repeated attempts with a HMAC length value of 1,\nwhich causes only the first byte of the authentication hash to be\nchecked. \n\nThis issue affects SNMP implementations from multiple vendors.\");\n script_set_attribute(attribute:'see_also', value:'http://sourceforge.net/forum/forum.php?forum_id=833770');\n script_set_attribute( attribute:'solution', value:\n\"This vulnerability affects multiple products from multiple vendors. \nCheck with your vendor for the appropriate solution.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:'vuln_publication_date', value:'2008/05/31');\n script_set_attribute(attribute:'patch_publication_date', value:'2008/06/09');\n script_set_attribute(attribute:'plugin_publication_date', value:'2009/07/31');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:'SNMP');\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies('find_service2.nasl');\n script_require_keys('SNMP/v3/username', 'SNMP/v3/Supported');\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude (\"misc_func.inc\");\ninclude (\"snmp_func.inc\");\n\nv3_supported = get_kb_item( 'SNMP/v3/Supported' );\nif ( ! v3_supported )\n exit( 0, 'SNMPv3 is not supported.' );\n\nusername = get_kb_item( 'SNMP/v3/username' );\nif ( ! username )\n exit( 1, 'No SNMPv3 username specified.' );\n\nport = get_kb_item(\"SNMP/port\");\nif ( !port )\n port = 161;\nif (! get_udp_port_state(port)) exit(0, \"UDP port \"+port+\" is not open.\");\n\nfunction snmp_no_auth_validation_reply( socket, timeout )\n{\n local_var seq, res, pdu, error, oid, ret, rep, id, cmpt, vers, tmp;\n local_var msg_flags, msg_auth_priv_params, response_data_index;\n\n cmpt = 5;\n\n while (cmpt)\n {\n rep = recv(socket:socket, length:4096, timeout:timeout);\n if (!rep)\n return NULL;\n\n # First decode snmp reply (sequence)\n seq = ber_get_sequence (seq:rep);\n\n if (isnull(seq) || (seq[0] != 4) )\n return NULL;\n\n tmp = ber_get_sequence( seq:seq[ 4 ] );\n\n # Check if Response PDU is 2\n pdu = ber_get_response_pdu( pdu:tmp[ 3 ] );\n\n if (isnull(pdu) || (pdu[0] != 4))\n return NULL;\n\n id = ber_get_int (i:pdu[1]);\n\n if ( !isnull(id) && ( ( id == (snmp_request_id - 1) ) || id == 0 ) )\n {\n # Check if Error == NO ERROR\n error = ber_get_int (i:pdu[2]);\n if (isnull(error) || (error != 0))\n return NULL;\n\n # Extract response\n seq = ber_get_sequence (seq:pdu[4]);\n if (isnull(seq) || (seq[0] != 1))\n return NULL;\n\n seq = ber_get_sequence (seq:seq[1]);\n if (isnull(seq) || (seq[0] != 2))\n return NULL;\n\n oid = ber_get_oid (oid:seq[1]);\n res = snmp_extract_reply (rep:seq[2]);\n\n if ( isnull( oid ) )\n return NULL;\n\n ret = make_list();\n ret[0] = oid;\n ret[1] = res;\n\n return ret;\n }\n cmpt--;\n }\n}\n\nrep = NULL;\ntries = 0;\n\nsoc = open_sock_udp(port);\nif ( !soc )\n exit ( 1, 'Socket failure.' );\n\n# Set the common values\nset_snmp_version( version:3 );\nmsg_id = rand();\n\n# Get the authoritative engine ID\nif( ( ! auth_engine_id ) || ( ! auth_engine_boots ) || ( ! auth_engine_time ) )\n{\n msg_flags = raw_string( MSG_REPORTABLE_FLAG );\n msg_global_data = snmpv3_put_msg_global_data( msg_max_size:MSG_MAX_SIZE,\n msg_flags:msg_flags,\n msg_security_model:USM_SECURITY_MODEL );\n snmpv3_connected = snmpv3_initial_request( socket:soc, msg_global_data:msg_global_data, timeout:2 );\n if ( ! snmpv3_connected )\n exit(1, \"SNMPv3 request failed\");\n}\n\n# Set the static parts of the auth attempt\npacked_version = ber_put_int( i:SNMP_VERSION );\nmsg_flags = raw_string( MSG_REPORTABLE_FLAG | MSG_AUTHENTICATED_FLAG );\nauth_data = snmp_assemble_authentication_data( auth_engine_data:snmp_put_engine_data(),\n msg_user_name:username,\n msg_auth_param:'T',\n msg_priv_param:NULL );\n\n# Construct request for SysDesc OID.\nsequence = ber_put_sequence( seq:make_list( ber_put_oid( oid:'1.3.6.1.2.1.1.1.0' ), ber_put_null() ) );\n\nwhile( tries < 512 )\n{\n tries++;\n msg_global_data = snmpv3_put_msg_global_data( msg_max_size:MSG_MAX_SIZE,\n msg_flags:msg_flags,\n msg_security_model:USM_SECURITY_MODEL );\n snmp_header = raw_string( packed_version, msg_global_data, auth_data );\n req = snmp_assemble_request_data( seq:sequence, op:OP_GET_REQUEST );\n whole_msg = ber_put_sequence( seq:make_list( snmp_header, req ) );\n\n send( socket:soc, data:whole_msg );\n rep = snmp_no_auth_validation_reply( socket:soc, timeout:2 );\n\n if ( isnull( rep ) )\n exit( 1, 'Unexpected response.' );\n else if ( rep[ 0 ] == USM_STATS_WRONG_DIGESTS )\n continue;\n else if ( rep[ 0 ] == USM_STATS_UNKNOWN_USER_NAMES )\n exit( 0, 'Not a valid SNMPv3 username for this host' );\n else if ( rep[ 0 ] == '1.3.6.1.2.1.1.1.0' )\n break;\n else\n exit( 1, 'Unexpected response.' );\n}\n\nreset_snmp_version();\n\nif ( rep[ 0 ] == '1.3.6.1.2.1.1.1.0' )\n{\n if ( report_verbosity > 0 )\n {\n report = string(\n '\\n',\n 'Nessus was able to force authorized access after ', tries, ' attempts.\\n\\n',\n 'The request for the system description returned :\\n',\n '\\n',\n rep[ 1 ],'\\n'\n );\n\n security_hole( port:port, proto:'udp', extra:report );\n }\n else security_hole( port:port, proto:'udp' );\n}\nelse\n exit( 0, 'Nessus couldn\\'t find any vulnerable installs.' );\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:18:58", "bulletinFamily": "scanner", "description": "Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities.\nWorkarounds are available for mitigating the impact of the vulnerabilities described in this document. Note: SNMP versions 1, 2 and 2c are not impacted by these vulnerabilities. The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044.", "modified": "2018-11-15T00:00:00", "id": "CISCO-SA-20080610-SNMPV3-NXOS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66697", "published": "2013-05-31T00:00:00", "title": "SNMP Version 3 Authentication Bypass Vulnerabilities (cisco-sa-20080610-snmpv3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Cisco Security Advisory cisco-sa-20080610-snmpv3.\n# The text itself is copyright (C) Cisco\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66697);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCsf04754\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20080610-snmpv3\");\n\n script_name(english:\"SNMP Version 3 Authentication Bypass Vulnerabilities (cisco-sa-20080610-snmpv3)\");\n script_summary(english:\"Checks the NX-OS version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple Cisco products contain either of two authentication\nvulnerabilities in the Simple Network Management Protocol version 3\n(SNMPv3) feature. These vulnerabilities can be exploited when\nprocessing a malformed SNMPv3 message. These vulnerabilities could\nallow the disclosure of network information or may enable an attacker\nto perform configuration changes to vulnerable devices. The SNMP\nserver is an optional service that is disabled by default in Cisco\nproducts. Only SNMPv3 is impacted by these vulnerabilities.\nWorkarounds are available for mitigating the impact of the\nvulnerabilities described in this document. Note: SNMP versions 1, 2\nand 2c are not impacted by these vulnerabilities. The United States\nComputer Emergency Response Team (US-CERT) has assigned Vulnerability\nNote VU#878044.\"\n );\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0784818d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Apply the relevant patch referenced in Cisco Security Advisory\ncisco-sa-20080610-snmpv3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:nx-os\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CISCO\");\n\n script_dependencies(\"cisco_nxos_version.nasl\");\n script_require_keys(\"Host/Cisco/NX-OS/Version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\n\nflag = 0;\n\nversion = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Version\");\nif ( version == '4.0' ) flag++;\nif ( version == '4.0(1)' ) flag++;\nif ( version == '4.0(1a)' ) flag++;\n\nif (flag)\n{\n security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:37", "bulletinFamily": "scanner", "description": "s700_800 11.X OV EMANATE15.3 IA-64 Consolidated Patch 6 : \n\nA potential vulnerability has been identified with HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows.\nThe vulnerability could be exploited remotely to gain unauthorized access.", "modified": "2018-07-12T00:00:00", "id": "HPUX_PHSS_39887.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47754", "published": "2010-07-19T00:00:00", "title": "HP-UX PHSS_39887 : HP OpenView SNMP Emanate Master Agent Remote Unauthorized Access (HPSBMA02439 SSRT080082 rev.3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_39887. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47754);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"HP\", value:\"emr_na-c01757418\");\n script_xref(name:\"HP\", value:\"SSRT080082\");\n\n script_name(english:\"HP-UX PHSS_39887 : HP OpenView SNMP Emanate Master Agent Remote Unauthorized Access (HPSBMA02439 SSRT080082 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV EMANATE15.3 IA-64 Consolidated Patch 6 : \n\nA potential vulnerability has been identified with HP OpenView SNMP\nEmanate Master Agent Running on HP-UX, Linux, Solaris, and Windows.\nThe vulnerability could be exploited remotely to gain unauthorized\naccess.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01757418\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5cc54a7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_39887 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/21\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23 11.31\", proc:\"ia64\"))\n{\n exit(0, \"The host is not affected since PHSS_39887 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_39887\", \"PHSS_41033\", \"PHSS_41557\", \"PHSS_42776\", \"PHSS_43175\", \"PHSS_43647\", \"PHSS_43818\", \"PHSS_44265\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.MASTER\", version:\"B.11.31.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SNMP-ENG-A-MAN\", version:\"B.11.31.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-HPUNIX\", version:\"B.11.31.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.23.01\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"OVSNMPAgent.SUBAGT-MIB2\", version:\"B.11.31.01\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:46", "bulletinFamily": "scanner", "description": "Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities.\nWorkarounds are available for mitigating the impact of the vulnerabilities described in this document. Note: SNMP versions 1, 2 and 2c are not impacted by these vulnerabilities. The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044.", "modified": "2018-11-15T00:00:00", "id": "CISCO-SA-20080610-SNMPV3HTTP.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49016", "published": "2010-09-01T00:00:00", "title": "SNMP Version 3 Authentication Vulnerabilities (cisco-sa-20080610-snmpv3)", "type": "nessus", "sourceData": "#TRUSTED 2a6a627dbda2d5fe056ee794cac7159a25249549f94c7a3a52f3618dfe42115e4f2f27373de2db5a5172efd632717c38138ecdd9ea885ecafde4b2d8035159c424b34b62e3b99b31fb204e79d564635f9eb6f19f9201c031abb1909511070fbdcd56aaa33f46334a7b3c3b2eeb402570f297ace9e95f02e4ea8012b4adf1636886130ce8414d66dcfc2845bb29e6b4ef21413e6e5d2586d64a85ce9f2adc66a2511df340f6573fd0125296f38313ac23be8eac6f928258aaa311008274aaf09b393f5b75101c7a39dfa6be55cf0bacd30e2d90e612be2436adf8ced0e9e7aa5f01678a3ad6fc07708be943aa2a4d5e3e5d9c9a1e5c2710a9fb59d37a91a1bf5d9317b2c000fedb5894d3debb05b94b19a7313191e6155d0c1666dfc072bac7f149ee13c1771dcfd8f62d2df17cae9acd2375b059132acfc3cdc3e2e97460de778a64eccdde045bdcd8a045254ed32daadae1e269f5ac2d15a5da0218fda3f59f1f86d9dd266d296d38959e68d3df9691a9686e47c0d450410b54e60fd5cdc80109fb9041173fcdd49ad8f95a71d19084ebc9881731aba150d11f4d9ceca184f8e2bae3252d8c4c547880def34d7cb6ef1b1ed86a61ff5b2f77e4b04af8220eb427c3be9c4568d75019185bf2dad47bfd2306daa780824e75005ab2ee5fb48bbf9b5bdf6c093eb4539f3a0550ecfaa773adc635bb1f53af54e81ac4e2c8c8c8d3\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Cisco Security Advisory cisco-sa-20080610-snmpv3.\n# The text itself is copyright (C) Cisco\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49016);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/11/15\");\n\n\n script_cve_id(\"CVE-2008-0960\");\n script_bugtraq_id(29623);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCsf04754\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20080610-snmpv3\");\n\n script_name(english:\"SNMP Version 3 Authentication Vulnerabilities (cisco-sa-20080610-snmpv3)\");\n script_summary(english:\"Checks the IOS version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple Cisco products contain either of two authentication\nvulnerabilities in the Simple Network Management Protocol version 3\n(SNMPv3) feature. These vulnerabilities can be exploited when\nprocessing a malformed SNMPv3 message. These vulnerabilities could\nallow the disclosure of network information or may enable an attacker\nto perform configuration changes to vulnerable devices. The SNMP\nserver is an optional service that is disabled by default in Cisco\nproducts. Only SNMPv3 is impacted by these vulnerabilities.\nWorkarounds are available for mitigating the impact of the\nvulnerabilities described in this document. Note: SNMP versions 1, 2\nand 2c are not impacted by these vulnerabilities. The United States\nComputer Emergency Response Team (US-CERT) has assigned Vulnerability\nNote VU#878044.\"\n );\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0784818d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant patch referenced in Cisco Security Advisory\ncisco-sa-20080610-snmpv3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/01\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CISCO\");\n\n script_dependencies(\"cisco_ios_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS/Version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nflag = 0;\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS/Version\");\noverride = 0;\n\nif ( version == '12.0(10)S' ) flag++;\nif ( version == '12.0(10)S1' ) flag++;\nif ( version == '12.0(10)S2' ) flag++;\nif ( version == '12.0(10)S3' ) flag++;\nif ( version == '12.0(10)S3b' ) flag++;\nif ( version == '12.0(10)S4' ) flag++;\nif ( version == '12.0(10)S5' ) flag++;\nif ( version == '12.0(10)S7' ) flag++;\nif ( version == '12.0(10)S8' ) flag++;\nif ( version == '12.0(10)SC' ) flag++;\nif ( version == '12.0(10)SC1' ) flag++;\nif ( version == '12.0(10)SL' ) flag++;\nif ( version == '12.0(10)ST' ) flag++;\nif ( version == '12.0(10)ST1' ) flag++;\nif ( version == '12.0(10)ST2' ) flag++;\nif ( version == '12.0(10)SX' ) flag++;\nif ( version == '12.0(11)S' ) flag++;\nif ( version == '12.0(11)S1' ) flag++;\nif ( version == '12.0(11)S2' ) flag++;\nif ( version == '12.0(11)S3' ) flag++;\nif ( version == '12.0(11)S4' ) flag++;\nif ( version == '12.0(11)S5' ) flag++;\nif ( version == '12.0(11)S6' ) flag++;\nif ( version == '12.0(11)SC' ) flag++;\nif ( version == '12.0(11)SL' ) flag++;\nif ( version == '12.0(11)SL1' ) flag++;\nif ( version == '12.0(11)ST' ) flag++;\nif ( version == '12.0(11)ST1' ) flag++;\nif ( version == '12.0(11)ST2' ) flag++;\nif ( version == '12.0(11)ST3' ) flag++;\nif ( version == '12.0(11)ST4' ) flag++;\nif ( version == '12.0(12)S' ) flag++;\nif ( version == '12.0(12)S1' ) flag++;\nif ( version == '12.0(12)S2' ) flag++;\nif ( version == '12.0(12)S3' ) flag++;\nif ( version == '12.0(12)S4' ) flag++;\nif ( version == '12.0(12)SC' ) flag++;\nif ( version == '12.0(13)S' ) flag++;\nif ( version == '12.0(13)S1' ) flag++;\nif ( version == '12.0(13)S2' ) flag++;\nif ( version == '12.0(13)S3' ) flag++;\nif ( version == '12.0(13)S4' ) flag++;\nif ( version == '12.0(13)S5' ) flag++;\nif ( version == '12.0(13)S6' ) flag++;\nif ( version == '12.0(13)S8' ) flag++;\nif ( version == '12.0(13)SC' ) flag++;\nif ( version == '12.0(14)S' ) flag++;\nif ( version == '12.0(14)S1' ) flag++;\nif ( version == '12.0(14)S2' ) flag++;\nif ( version == '12.0(14)S3' ) flag++;\nif ( version == '12.0(14)S4' ) flag++;\nif ( version == '12.0(14)S5' ) flag++;\nif ( version == '12.0(14)S6' ) flag++;\nif ( version == '12.0(14)S7' ) flag++;\nif ( version == '12.0(14)S8' ) flag++;\nif ( version == '12.0(14)SC' ) flag++;\nif ( version == '12.0(14)SL' ) flag++;\nif ( version == '12.0(14)SL1' ) flag++;\nif ( version == '12.0(14)ST' ) flag++;\nif ( version == '12.0(14)ST1' ) flag++;\nif ( version == '12.0(14)ST2' ) flag++;\nif ( version == '12.0(14)ST3' ) flag++;\nif ( version == '12.0(15)S' ) flag++;\nif ( version == '12.0(15)S1' ) flag++;\nif ( version == '12.0(15)S2' ) flag++;\nif ( version == '12.0(15)S3' ) flag++;\nif ( version == '12.0(15)S4' ) flag++;\nif ( version == '12.0(15)S5' ) flag++;\nif ( version == '12.0(15)S6' ) flag++;\nif ( version == '12.0(15)S7' ) flag++;\nif ( version == '12.0(15)SC' ) flag++;\nif ( version == '12.0(15)SC1' ) flag++;\nif ( version == '12.0(15)SL' ) flag++;\nif ( version == '12.0(16)S' ) flag++;\nif ( version == '12.0(16)S1' ) flag++;\nif ( version == '12.0(16)S10' ) flag++;\nif ( version == '12.0(16)S2' ) flag++;\nif ( version == '12.0(16)S3' ) flag++;\nif ( version == '12.0(16)S4' ) flag++;\nif ( version == '12.0(16)S5' ) flag++;\nif ( version == '12.0(16)S6' ) flag++;\nif ( version == '12.0(16)S7' ) flag++;\nif ( version == '12.0(16)S8' ) flag++;\nif ( version == '12.0(16)S8a' ) flag++;\nif ( version == '12.0(16)S9' ) flag++;\nif ( version == '12.0(16)SC' ) flag++;\nif ( version == '12.0(16)SC1' ) flag++;\nif ( version == '12.0(16)SC2' ) flag++;\nif ( version == '12.0(16)SC3' ) flag++;\nif ( version == '12.0(16)ST' ) flag++;\nif ( version == '12.0(16)ST1' ) flag++;\nif ( version == '12.0(17)S' ) flag++;\nif ( version == '12.0(17)S1' ) flag++;\nif ( version == '12.0(17)S2' ) flag++;\nif ( version == '12.0(17)S3' ) flag++;\nif ( version == '12.0(17)S4' ) flag++;\nif ( version == '12.0(17)S5' ) flag++;\nif ( version == '12.0(17)S6' ) flag++;\nif ( version == '12.0(17)S7' ) flag++;\nif ( version == '12.0(17)SL' ) flag++;\nif ( version == '12.0(17)SL1' ) flag++;\nif ( version == '12.0(17)SL2' ) flag++;\nif ( version == '12.0(17)SL3' ) flag++;\nif ( version == '12.0(17)SL4' ) flag++;\nif ( version == '12.0(17)SL5' ) flag++;\nif ( version == '12.0(17)SL6' ) flag++;\nif ( version == '12.0(17)SL8' ) flag++;\nif ( version == '12.0(17)ST' ) flag++;\nif ( version == '12.0(17)ST1' ) flag++;\nif ( version == '12.0(17)ST2' ) flag++;\nif ( version == '12.0(17)ST3' ) flag++;\nif ( version == '12.0(17)ST4' ) flag++;\nif ( version == '12.0(17)ST5' ) flag++;\nif ( version == '12.0(17)ST6' ) flag++;\nif ( version == '12.0(17)ST7' ) flag++;\nif ( version == '12.0(17)ST8' ) flag++;\nif ( version == '12.0(18)S' ) flag++;\nif ( version == '12.0(18)S1' ) flag++;\nif ( version == '12.0(18)S2' ) flag++;\nif ( version == '12.0(18)S3' ) flag++;\nif ( version == '12.0(18)S4' ) flag++;\nif ( version == '12.0(18)S5' ) flag++;\nif ( version == '12.0(18)S5a' ) flag++;\nif ( version == '12.0(18)S6' ) flag++;\nif ( version == '12.0(18)S7' ) flag++;\nif ( version == '12.0(18)ST' ) flag++;\nif ( version == '12.0(18)ST1' ) flag++;\nif ( version == '12.0(19)S' ) flag++;\nif ( version == '12.0(19)S1' ) flag++;\nif ( version == '12.0(19)S2' ) flag++;\nif ( version == '12.0(19)S2a' ) flag++;\nif ( version == '12.0(19)S3' ) flag++;\nif ( version == '12.0(19)S4' ) flag++;\nif ( version == '12.0(19)SL' ) flag++;\nif ( version == '12.0(19)SL1' ) flag++;\nif ( version == '12.0(19)SL2' ) flag++;\nif ( version == '12.0(19)SL3' ) flag++;\nif ( version == '12.0(19)SL4' ) flag++;\nif ( version == '12.0(19)SP' ) flag++;\nif ( version == '12.0(19)ST' ) flag++;\nif ( version == '12.0(19)ST1' ) flag++;\nif ( version == '12.0(19)ST2' ) flag++;\nif ( version == '12.0(19)ST3' ) flag++;\nif ( version == '12.0(19)ST4' ) flag++;\nif ( version == '12.0(19)ST5' ) flag++;\nif ( version == '12.0(19)ST6' ) flag++;\nif ( version == '12.0(2)XH' ) flag++;\nif ( version == '12.0(20)SP' ) flag++;\nif ( version == '12.0(20)SP1' ) flag++;\nif ( version == '12.0(20)SP2' ) flag++;\nif ( version == '12.0(20)ST' ) flag++;\nif ( version == '12.0(20)ST1' ) flag++;\nif ( version == '12.0(20)ST2' ) flag++;\nif ( version == '12.0(20)ST3' ) flag++;\nif ( version == '12.0(20)ST4' ) flag++;\nif ( version == '12.0(20)ST5' ) flag++;\nif ( version == '12.0(20)ST6' ) flag++;\nif ( version == '12.0(21)S' ) flag++;\nif ( version == '12.0(21)S1' ) flag++;\nif ( version == '12.0(21)S2' ) flag++;\nif ( version == '12.0(21)S3' ) flag++;\nif ( version == '12.0(21)S4' ) flag++;\nif ( version == '12.0(21)S4a' ) flag++;\nif ( version == '12.0(21)S5' ) flag++;\nif ( version == '12.0(21)S5a' ) flag++;\nif ( version == '12.0(21)S6' ) flag++;\nif ( version == '12.0(21)S6a' ) flag++;\nif ( version == '12.0(21)S7' ) flag++;\nif ( version == '12.0(21)S8' ) flag++;\nif ( version == '12.0(21)SP' ) flag++;\nif ( version == '12.0(21)SP1' ) flag++;\nif ( version == '12.0(21)SP2' ) flag++;\nif ( version == '12.0(21)SP3' ) flag++;\nif ( version == '12.0(21)SP4' ) flag++;\nif ( version == '12.0(21)ST' ) flag++;\nif ( version == '12.0(21)ST1' ) flag++;\nif ( version == '12.0(21)ST2' ) flag++;\nif ( version == '12.0(21)ST2a' ) flag++;\nif ( version == '12.0(21)ST2b' ) flag++;\nif ( version == '12.0(21)ST3' ) flag++;\nif ( version == '12.0(21)ST3a' ) flag++;\nif ( version == '12.0(21)ST4' ) flag++;\nif ( version == '12.0(21)ST5' ) flag++;\nif ( version == '12.0(21)ST6' ) flag++;\nif ( version == '12.0(21)ST6a' ) flag++;\nif ( version == '12.0(21)ST7' ) flag++;\nif ( version == '12.0(21)SX' ) flag++;\nif ( version == '12.0(21)SX1' ) flag++;\nif ( version == '12.0(21)SZ' ) flag++;\nif ( version == '12.0(22)S' ) flag++;\nif ( version == '12.0(22)S1' ) flag++;\nif ( version == '12.0(22)S2' ) flag++;\nif ( version == '12.0(22)S2a' ) flag++;\nif ( version == '12.0(22)S2b' ) flag++;\nif ( version == '12.0(22)S2c' ) flag++;\nif ( version == '12.0(22)S2d' ) flag++;\nif ( version == '12.0(22)S2e' ) flag++;\nif ( version == '12.0(22)S3' ) flag++;\nif ( version == '12.0(22)S3a' ) flag++;\nif ( version == '12.0(22)S3b' ) flag++;\nif ( version == '12.0(22)S3c' ) flag++;\nif ( version == '12.0(22)S4' ) flag++;\nif ( version == '12.0(22)S4a' ) flag++;\nif ( version == '12.0(22)S5' ) flag++;\nif ( version == '12.0(22)S5a' ) flag++;\nif ( version == '12.0(22)S6' ) flag++;\nif ( version == '12.0(23)S' ) flag++;\nif ( version == '12.0(23)S1' ) flag++;\nif ( version == '12.0(23)S2' ) flag++;\nif ( version == '12.0(23)S2a' ) flag++;\nif ( version == '12.0(23)S3' ) flag++;\nif ( version == '12.0(23)S3a' ) flag++;\nif ( version == '12.0(23)S3b' ) flag++;\nif ( version == '12.0(23)S3c' ) flag++;\nif ( version == '12.0(23)S4' ) flag++;\nif ( version == '12.0(23)S5' ) flag++;\nif ( version == '12.0(23)S6' ) flag++;\nif ( version == '12.0(23)S6a' ) flag++;\nif ( version == '12.0(23)SX' ) flag++;\nif ( version == '12.0(23)SX1' ) flag++;\nif ( version == '12.0(23)SX2' ) flag++;\nif ( version == '12.0(23)SX3' ) flag++;\nif ( version == '12.0(23)SX4' ) flag++;\nif ( version == '12.0(23)SX5' ) flag++;\nif ( version == '12.0(23)SZ3' ) flag++;\nif ( version == '12.0(24)S' ) flag++;\nif ( version == '12.0(24)S1' ) flag++;\nif ( version == '12.0(24)S2' ) flag++;\nif ( version == '12.0(24)S2a' ) flag++;\nif ( version == '12.0(24)S2b' ) flag++;\nif ( version == '12.0(24)S3' ) flag++;\nif ( version == '12.0(24)S4' ) flag++;\nif ( version == '12.0(24)S4a' ) flag++;\nif ( version == '12.0(24)S5' ) flag++;\nif ( version == '12.0(24)S6' ) flag++;\nif ( version == '12.0(25)S' ) flag++;\nif ( version == '12.0(25)S1' ) flag++;\nif ( version == '12.0(25)S1a' ) flag++;\nif ( version == '12.0(25)S1b' ) flag++;\nif ( version == '12.0(25)S1c' ) flag++;\nif ( version == '12.0(25)S1d' ) flag++;\nif ( version == '12.0(25)S2' ) flag++;\nif ( version == '12.0(25)S3' ) flag++;\nif ( version == '12.0(25)S4' ) flag++;\nif ( version == '12.0(25)SX' ) flag++;\nif ( version == '12.0(25)SX1' ) flag++;\nif ( version == '12.0(25)SX10' ) flag++;\nif ( version == '12.0(25)SX2' ) flag++;\nif ( version == '12.0(25)SX3' ) flag++;\nif ( version == '12.0(25)SX4' ) flag++;\nif ( version == '12.0(25)SX5' ) flag++;\nif ( version == '12.0(25)SX6' ) flag++;\nif ( version == '12.0(25)SX6e' ) flag++;\nif ( version == '12.0(25)SX7' ) flag++;\nif ( version == '12.0(25)SX8' ) flag++;\nif ( version == '12.0(25)SX9' ) flag++;\nif ( version == '12.0(26)S' ) flag++;\nif ( version == '12.0(26)S1' ) flag++;\nif ( version == '12.0(26)S2' ) flag++;\nif ( version == '12.0(26)S2c' ) flag++;\nif ( version == '12.0(26)S3' ) flag++;\nif ( version == '12.0(26)S4' ) flag++;\nif ( version == '12.0(26)S5' ) flag++;\nif ( version == '12.0(26)S6' ) flag++;\nif ( version == '12.0(27)S' ) flag++;\nif ( version == '12.0(27)S1' ) flag++;\nif ( version == '12.0(27)S2' ) flag++;\nif ( version == '12.0(27)S2a' ) flag++;\nif ( version == '12.0(27)S3' ) flag++;\nif ( version == '12.0(27)S4' ) flag++;\nif ( version == '12.0(27)S5' ) flag++;\nif ( version == '12.0(28)S' ) flag++;\nif ( version == '12.0(28)S2' ) flag++;\nif ( version == '12.0(28)S3' ) flag++;\nif ( version == '12.0(28)S4' ) flag++;\nif ( version == '12.0(28)S5' ) flag++;\nif ( version == '12.0(28)S6' ) flag++;\nif ( version == '12.0(28)SW1' ) flag++;\nif ( version == '12.0(29)S' ) flag++;\nif ( version == '12.0(29)S1' ) flag++;\nif ( version == '12.0(3)T' ) flag++;\nif ( version == '12.0(3)T1' ) flag++;\nif ( version == '12.0(3)T2' ) flag++;\nif ( version == '12.0(3)T3' ) flag++;\nif ( version == '12.0(3)XE' ) flag++;\nif ( version == '12.0(3)XE1' ) flag++;\nif ( version == '12.0(3)XE2' ) flag++;\nif ( version == '12.0(3)XG' ) flag++;\nif ( version == '12.0(30)S' ) flag++;\nif ( version == '12.0(30)S1' ) flag++;\nif ( version == '12.0(30)S2' ) flag++;\nif ( version == '12.0(30)S3' ) flag++;\nif ( version == '12.0(30)S4' ) flag++;\nif ( version == '12.0(30)S5' ) flag++;\nif ( version == '12.0(31)S' ) flag++;\nif ( version == '12.0(31)S1' ) flag++;\nif ( version == '12.0(31)S2' ) flag++;\nif ( version == '12.0(31)S3' ) flag++;\nif ( version == '12.0(31)S4' ) flag++;\nif ( version == '12.0(31)S5' ) flag++;\nif ( version == '12.0(31)S6' ) flag++;\nif ( version == '12.0(32)S' ) flag++;\nif ( version == '12.0(32)S1' ) flag++;\nif ( version == '12.0(32)S2' ) flag++;\nif ( version == '12.0(32)S3' ) flag++;\nif ( version == '12.0(32)S4' ) flag++;\nif ( version == '12.0(32)SY' ) flag++;\nif ( version == '12.0(4)T' ) flag++;\nif ( version == '12.0(4)T1' ) flag++;\nif ( version == '12.0(4)XE' ) flag++;\nif ( version == '12.0(4)XE2' ) flag++;\nif ( version == '12.0(4)XH' ) flag++;\nif ( version == '12.0(4)XH1' ) flag++;\nif ( version == '12.0(4)XH3' ) flag++;\nif ( version == '12.0(4)XH4' ) flag++;\nif ( version == '12.0(4)XI' ) flag++;\nif ( version == '12.0(4)XI1' ) flag++;\nif ( version == '12.0(4)XJ' ) flag++;\nif ( version == '12.0(4)XJ1' ) flag++;\nif ( version == '12.0(4)XJ2' ) flag++;\nif ( version == '12.0(4)XJ3' ) flag++;\nif ( version == '12.0(4)XJ4' ) flag++;\nif ( version == '12.0(4)XJ5' ) flag++;\nif ( version == '12.0(4)XJ6' ) flag++;\nif ( version == '12.0(4)XL' ) flag++;\nif ( version == '12.0(4)XL1' ) flag++;\nif ( version == '12.0(4)XM' ) flag++;\nif ( version == '12.0(4)XM1' ) flag++;\nif ( version == '12.0(5)T' ) flag++;\nif ( version == '12.0(5)T1' ) flag++;\nif ( version == '12.0(5)T2' ) flag++;\nif ( version == '12.0(5)WC10' ) flag++;\nif ( version == '12.0(5)WC11' ) flag++;\nif ( version == '12.0(5)WC12' ) flag++;\nif ( version == '12.0(5)WC13' ) flag++;\nif ( version == '12.0(5)WC14' ) flag++;\nif ( version == '12.0(5)WC15' ) flag++;\nif ( version == '12.0(5)WC3a' ) flag++;\nif ( version == '12.0(5)WC4' ) flag++;\nif ( version == '12.0(5)WC4a' ) flag++;\nif ( version == '12.0(5)WC5' ) flag++;\nif ( version == '12.0(5)WC5a' ) flag++;\nif ( version == '12.0(5)WC6' ) flag++;\nif ( version == '12.0(5)WC7' ) flag++;\nif ( version == '12.0(5)WC8' ) flag++;\nif ( version == '12.0(5)WC9' ) flag++;\nif ( version == '12.0(5)WC9a' ) flag++;\nif ( version == '12.0(5)XE' ) flag++;\nif ( version == '12.0(5)XE1' ) flag++;\nif ( version == '12.0(5)XE2' ) flag++;\nif ( version == '12.0(5)XE3' ) flag++;\nif ( version == '12.0(5)XE4' ) flag++;\nif ( version == '12.0(5)XE5' ) flag++;\nif ( version == '12.0(5)XE6' ) flag++;\nif ( version == '12.0(5)XE7' ) flag++;\nif ( version == '12.0(5)XE8' ) flag++;\nif ( version == '12.0(5)XK' ) flag++;\nif ( version == '12.0(5)XK1' ) flag++;\nif ( version == '12.0(5)XK2' ) flag++;\nif ( version == '12.0(5)XN' ) flag++;\nif ( version == '12.0(5)XQ' ) flag++;\nif ( version == '12.0(5)XQ1' ) flag++;\nif ( version == '12.0(5)XS1' ) flag++;\nif ( version == '12.0(5)XS2' ) flag++;\nif ( version == '12.0(5)XT1' ) flag++;\nif ( version == '12.0(6)S' ) flag++;\nif ( version == '12.0(6)S1' ) flag++;\nif ( version == '12.0(6)S2' ) flag++;\nif ( version == '12.0(6)SC' ) flag++;\nif ( version == '12.0(7)DB' ) flag++;\nif ( version == '12.0(7)DB1' ) flag++;\nif ( version == '12.0(7)DB2' ) flag++;\nif ( version == '12.0(7)DC' ) flag++;\nif ( version == '12.0(7)DC1' ) flag++;\nif ( version == '12.0(7)S' ) flag++;\nif ( version == '12.0(7)T' ) flag++;\nif ( version == '12.0(7)T2' ) flag++;\nif ( version == '12.0(7)T3' ) flag++;\nif ( version == '12.0(7)XE1' ) flag++;\nif ( version == '12.0(7)XE2' ) flag++;\nif ( version == '12.0(7)XF1' ) flag++;\nif ( version == '12.0(7)XK' ) flag++;\nif ( version == '12.0(7)XK1' ) flag++;\nif ( version == '12.0(7)XK2' ) flag++;\nif ( version == '12.0(7)XK3' ) flag++;\nif ( version == '12.0(7)XR1' ) flag++;\nif ( version == '12.0(7)XR2' ) flag++;\nif ( version == '12.0(7)XR3' ) flag++;\nif ( version == '12.0(7)XR4' ) flag++;\nif ( version == '12.0(7)XV' ) flag++;\nif ( version == '12.0(8)S' ) flag++;\nif ( version == '12.0(8)S1' ) flag++;\nif ( version == '12.0(8)SC' ) flag++;\nif ( version == '12.0(8)SC1' ) flag++;\nif ( version == '12.0(9)S' ) flag++;\nif ( version == '12.0(9)S8' ) flag++;\nif ( version == '12.0(9)SC' ) flag++;\nif ( version == '12.0(9)SL' ) flag++;\nif ( version == '12.0(9)SL1' ) flag++;\nif ( version == '12.0(9)SL2' ) flag++;\nif ( version == '12.0(9)ST' ) flag++;\nif ( version == '12.1(1)' ) flag++;\nif ( version == '12.1(1)AA' ) flag++;\nif ( version == '12.1(1)AA1' ) flag++;\nif ( version == '12.1(1)DA' ) flag++;\nif ( version == '12.1(1)DA1' ) flag++;\nif ( version == '12.1(1)DB' ) flag++;\nif ( version == '12.1(1)DB2' ) flag++;\nif ( version == '12.1(1)DC' ) flag++;\nif ( version == '12.1(1)DC1' ) flag++;\nif ( version == '12.1(1)DC2' ) flag++;\nif ( version == '12.1(1)E' ) flag++;\nif ( version == '12.1(1)E1' ) flag++;\nif ( version == '12.1(1)E3' ) flag++;\nif ( version == '12.1(1)E4' ) flag++;\nif ( version == '12.1(1)E5' ) flag++;\nif ( version == '12.1(1)E6' ) flag++;\nif ( version == '12.1(1)EX' ) flag++;\nif ( version == '12.1(1)EX1' ) flag++;\nif ( version == '12.1(1)GA' ) flag++;\nif ( version == '12.1(1)GA1' ) flag++;\nif ( version == '12.1(1)T' ) flag++;\nif ( version == '12.1(1)XA' ) flag++;\nif ( version == '12.1(1)XA2' ) flag++;\nif ( version == '12.1(1)XA3' ) flag++;\nif ( version == '12.1(1)XA4' ) flag++;\nif ( version == '12.1(1)XB' ) flag++;\nif ( version == '12.1(1)XC1' ) flag++;\nif ( version == '12.1(1)XD' ) flag++;\nif ( version == '12.1(1)XD1' ) flag++;\nif ( version == '12.1(1)XD2' ) flag++;\nif ( version == '12.1(1)XE' ) flag++;\nif ( version == '12.1(1)XE1' ) flag++;\nif ( version == '12.1(10)' ) flag++;\nif ( version == '12.1(10)AA' ) flag++;\nif ( version == '12.1(10)E' ) flag++;\nif ( version == '12.1(10)E1' ) flag++;\nif ( version == '12.1(10)E2' ) flag++;\nif ( version == '12.1(10)E3' ) flag++;\nif ( version == '12.1(10)E4' ) flag++;\nif ( version == '12.1(10)E5' ) flag++;\nif ( version == '12.1(10)E6' ) flag++;\nif ( version == '12.1(10)E6a' ) flag++;\nif ( version == '12.1(10)E7' ) flag++;\nif ( version == '12.1(10)E8' ) flag++;\nif ( version == '12.1(10)EC' ) flag++;\nif ( version == '12.1(10)EC1' ) flag++;\nif ( version == '12.1(10)EV' ) flag++;\nif ( version == '12.1(10)EV1' ) flag++;\nif ( version == '12.1(10)EV1a' ) flag++;\nif ( version == '12.1(10)EV2' ) flag++;\nif ( version == '12.1(10)EV3' ) flag++;\nif ( version == '12.1(10)EV4' ) flag++;\nif ( version == '12.1(10)EX' ) flag++;\nif ( version == '12.1(10)EX1' ) flag++;\nif ( version == '12.1(10)EX2' ) flag++;\nif ( version == '12.1(10)EY' ) flag++;\nif ( version == '12.1(10a)' ) flag++;\nif ( version == '12.1(11)' ) flag++;\nif ( version == '12.1(11)AX' ) flag++;\nif ( version == '12.1(11)EA1' ) flag++;\nif ( version == '12.1(11)EA1a' ) flag++;\nif ( version == '12.1(11)YJ' ) flag++;\nif ( version == '12.1(11)YJ2' ) flag++;\nif ( version == '12.1(11)YJ3' ) flag++;\nif ( version == '12.1(11)YJ4' ) flag++;\nif ( version == '12.1(11a)' ) flag++;\nif ( version == '12.1(11b)' ) flag++;\nif ( version == '12.1(11b)E' ) flag++;\nif ( version == '12.1(11b)E0a' ) flag++;\nif ( version == '12.1(11b)E1' ) flag++;\nif ( version == '12.1(11b)E11' ) flag++;\nif ( version == '12.1(11b)E12' ) flag++;\nif ( version == '12.1(11b)E14' ) flag++;\nif ( version == '12.1(11b)E2' ) flag++;\nif ( version == '12.1(11b)E3' ) flag++;\nif ( version == '12.1(11b)E4' ) flag++;\nif ( version == '12.1(11b)E5' ) flag++;\nif ( version == '12.1(11b)E7' ) flag++;\nif ( version == '12.1(11b)EC' ) flag++;\nif ( version == '12.1(11b)EC1' ) flag++;\nif ( version == '12.1(11b)EW' ) flag++;\nif ( version == '12.1(11b)EW1' ) flag++;\nif ( version == '12.1(11b)EX' ) flag++;\nif ( version == '12.1(11b)EX1' ) flag++;\nif ( version == '12.1(12)' ) flag++;\nif ( version == '12.1(12a)' ) flag++;\nif ( version == '12.1(12b)' ) flag++;\nif ( version == '12.1(12c)' ) flag++;\nif ( version == '12.1(12c)E' ) flag++;\nif ( version == '12.1(12c)E1' ) flag++;\nif ( version == '12.1(12c)E2' ) flag++;\nif ( version == '12.1(12c)E3' ) flag++;\nif ( version == '12.1(12c)E4' ) flag++;\nif ( version == '12.1(12c)E5' ) flag++;\nif ( version == '12.1(12c)E6' ) flag++;\nif ( version == '12.1(12c)EA1' ) flag++;\nif ( version == '12.1(12c)EC' ) flag++;\nif ( version == '12.1(12c)EC1' ) flag++;\nif ( version == '12.1(12c)EV' ) flag++;\nif ( version == '12.1(12c)EV1' ) flag++;\nif ( version == '12.1(12c)EV2' ) flag++;\nif ( version == '12.1(12c)EV3' ) flag++;\nif ( version == '12.1(12c)EW' ) flag++;\nif ( version == '12.1(12c)EW1' ) flag++;\nif ( version == '12.1(12c)EW2' ) flag++;\nif ( version == '12.1(12c)EW3' ) flag++;\nif ( version == '12.1(12c)EW4' ) flag++;\nif ( version == '12.1(12c)EX' ) flag++;\nif ( version == '12.1(12c)EX1' ) flag++;\nif ( version == '12.1(12c)EY' ) flag++;\nif ( version == '12.1(13)' ) flag++;\nif ( version == '12.1(13)AY' ) flag++;\nif ( version == '12.1(13)E' ) flag++;\nif ( version == '12.1(13)E1' ) flag++;\nif ( version == '12.1(13)E10' ) flag++;\nif ( version == '12.1(13)E11' ) flag++;\nif ( version == '12.1(13)E12' ) flag++;\nif ( version == '12.1(13)E13' ) flag++;\nif ( version == '12.1(13)E14' ) flag++;\nif ( version == '12.1(13)E15' ) flag++;\nif ( version == '12.1(13)E16' ) flag++;\nif ( version == '12.1(13)E17' ) flag++;\nif ( version == '12.1(13)E2' ) flag++;\nif ( version == '12.1(13)E3' ) flag++;\nif ( version == '12.1(13)E4' ) flag++;\nif ( version == '12.1(13)E5' ) flag++;\nif ( version == '12.1(13)E6' ) flag++;\nif ( version == '12.1(13)E7' ) flag++;\nif ( version == '12.1(13)E8' ) flag++;\nif ( version == '12.1(13)E9' ) flag++;\nif ( version == '12.1(13)EA1' ) flag++;\nif ( version == '12.1(13)EA1a' ) flag++;\nif ( version == '12.1(13)EA1b' ) flag++;\nif ( version == '12.1(13)EA1c' ) flag++;\nif ( version == '12.1(13)EB' ) flag++;\nif ( version == '12.1(13)EB1' ) flag++;\nif ( version == '12.1(13)EC' ) flag++;\nif ( version == '12.1(13)EC1' ) flag++;\nif ( version == '12.1(13)EC2' ) flag++;\nif ( version == '12.1(13)EC3' ) flag++;\nif ( version == '12.1(13)EC4' ) flag++;\nif ( version == '12.1(13)EW' ) flag++;\nif ( version == '12.1(13)EW1' ) flag++;\nif ( version == '12.1(13)EW2' ) flag++;\nif ( version == '12.1(13)EW3' ) flag++;\nif ( version == '12.1(13)EW4' ) flag++;\nif ( version == '12.1(13)EX' ) flag++;\nif ( version == '12.1(13)EX1' ) flag++;\nif ( version == '12.1(13)EX2' ) flag++;\nif ( version == '12.1(13)EX3' ) flag++;\nif ( version == '12.1(13a)' ) flag++;\nif ( version == '12.1(14)' ) flag++;\nif ( version == '12.1(14)AX' ) flag++;\nif ( version == '12.1(14)AX1' ) flag++;\nif ( version == '12.1(14)AX2' ) flag++;\nif ( version == '12.1(14)AX3' ) flag++;\nif ( version == '12.1(14)AX4' ) flag++;\nif ( version == '12.1(14)AZ' ) flag++;\nif ( version == '12.1(14)E' ) flag++;\nif ( version == '12.1(14)E1' ) flag++;\nif ( version == '12.1(14)E10' ) flag++;\nif ( version == '12.1(14)E2' ) flag++;\nif ( version == '12.1(14)E3' ) flag++;\nif ( version == '12.1(14)E4' ) flag++;\nif ( version == '12.1(14)E5' ) flag++;\nif ( version == '12.1(14)E6' ) flag++;\nif ( version == '12.1(14)E7' ) flag++;\nif ( version == '12.1(14)EA1' ) flag++;\nif ( version == '12.1(14)EA1a' ) flag++;\nif ( version == '12.1(14)EA1b' ) flag++;\nif ( version == '12.1(14)EB' ) flag++;\nif ( version == '12.1(14)EB1' ) flag++;\nif ( version == '12.1(14)EO' ) flag++;\nif ( version == '12.1(14)EO1' ) flag++;\nif ( version == '12.1(15)' ) flag++;\nif ( version == '12.1(16)' ) flag++;\nif ( version == '12.1(17)' ) flag++;\nif ( version == '12.1(17a)' ) flag++;\nif ( version == '12.1(18)' ) flag++;\nif ( version == '12.1(19)' ) flag++;\nif ( version == '12.1(19)E' ) flag++;\nif ( version == '12.1(19)E1' ) flag++;\nif ( version == '12.1(19)E2' ) flag++;\nif ( version == '12.1(19)E3' ) flag++;\nif ( version == '12.1(19)E4' ) flag++;\nif ( version == '12.1(19)E6' ) flag++;\nif ( version == '12.1(19)E7' ) flag++;\nif ( version == '12.1(19)EA1' ) flag++;\nif ( version == '12.1(19)EA1a' ) flag++;\nif ( version == '12.1(19)EA1b' ) flag++;\nif ( version == '12.1(19)EA1c' ) flag++;\nif ( version == '12.1(19)EA1d' ) flag++;\nif ( version == '12.1(19)EB' ) flag++;\nif ( version == '12.1(19)EC' ) flag++;\nif ( version == '12.1(19)EC1' ) flag++;\nif ( version == '12.1(19)EO' ) flag++;\nif ( version == '12.1(19)EO1' ) flag++;\nif ( version == '12.1(19)EO2' ) flag++;\nif ( version == '12.1(19)EO3' ) flag++;\nif ( version == '12.1(19)EO4' ) flag++;\nif ( version == '12.1(19)EO5' ) flag++;\nif ( version == '12.1(19)EW' ) flag++;\nif ( version == '12.1(19)EW1' ) flag++;\nif ( version == '12.1(19)EW2' ) flag++;\nif ( version == '12.1(19)EW3' ) flag++;\nif ( version == '12.1(1a)' ) flag++;\nif ( version == '12.1(1a)T1' ) flag++;\nif ( version == '12.1(1b)' ) flag++;\nif ( version == '12.1(1c)' ) flag++;\nif ( version == '12.1(2)' ) flag++;\nif ( version == '12.1(2)DA' ) flag++;\nif ( version == '12.1(2)E' ) flag++;\nif ( version == '12.1(2)E1' ) flag++;\nif ( version == '12.1(2)E2' ) flag++;\nif ( version == '12.1(2)EC' ) flag++;\nif ( version == '12.1(2)EC1' ) flag++;\nif ( version == '12.1(2)GB' ) flag++;\nif ( version == '12.1(2)T' ) flag++;\nif ( version == '12.1(2)XF' ) flag++;\nif ( version == '12.1(2)XF1' ) flag++;\nif ( version == '12.1(2)XF2' ) flag++;\nif ( version == '12.1(2)XF3' ) flag++;\nif ( version == '12.1(2)XF4' ) flag++;\nif ( version == '12.1(2)XF5' ) flag++;\nif ( version == '12.1(2)XT2' ) flag++;\nif ( version == '12.1(20)' ) flag++;\nif ( version == '12.1(20)E' ) flag++;\nif ( version == '12.1(20)E1' ) flag++;\nif ( version == '12.1(20)E2' ) flag++;\nif ( version == '12.1(20)E3' ) flag++;\nif ( version == '12.1(20)E4' ) flag++;\nif ( version == '12.1(20)E5' ) flag++;\nif ( version == '12.1(20)E6' ) flag++;\nif ( version == '12.1(20)EA1' ) flag++;\nif ( version == '12.1(20)EA1a' ) flag++;\nif ( version == '12.1(20)EA2' ) flag++;\nif ( version == '12.1(20)EB' ) flag++;\nif ( version == '12.1(20)EC' ) flag++;\nif ( version == '12.1(20)EC1' ) flag++;\nif ( version == '12.1(20)EC2' ) flag++;\nif ( version == '12.1(20)EC3' ) flag++;\nif ( version == '12.1(20)EO' ) flag++;\nif ( version == '12.1(20)EO1' ) flag++;\nif ( version == '12.1(20)EO2' ) flag++;\nif ( version == '12.1(20)EO3' ) flag++;\nif ( version == '12.1(20)EU' ) flag++;\nif ( version == '12.1(20)EU1' ) flag++;\nif ( version == '12.1(20)EW' ) flag++;\nif ( version == '12.1(20)EW1' ) flag++;\nif ( version == '12.1(20)EW2' ) flag++;\nif ( version == '12.1(20)EW3' ) flag++;\nif ( version == '12.1(20)EW4' ) flag++;\nif ( version == '12.1(20a)' ) flag++;\nif ( version == '12.1(21)' ) flag++;\nif ( version == '12.1(22)' ) flag++;\nif ( version == '12.1(22)AY1' ) flag++;\nif ( version == '12.1(22)E' ) flag++;\nif ( version == '12.1(22)E1' ) flag++;\nif ( version == '12.1(22)E2' ) flag++;\nif ( version == '12.1(22)E3' ) flag++;\nif ( version == '12.1(22)E4' ) flag++;\nif ( version == '12.1(22)E5' ) flag++;\nif ( version == '12.1(22)E6' ) flag++;\nif ( version == '12.1(22)EA1' ) flag++;\nif ( version == '12.1(22)EA1a' ) flag++;\nif ( version == '12.1(22)EA1b' ) flag++;\nif ( version == '12.1(22)EA2' ) flag++;\nif ( version == '12.1(22)EA3' ) flag++;\nif ( version == '12.1(22)EA4' ) flag++;\nif ( version == '12.1(22)EA4a' ) flag++;\nif ( version == '12.1(22)EA5' ) flag++;\nif ( version == '12.1(22)EA5a' ) flag++;\nif ( version == '12.1(22)EA6' ) flag++;\nif ( version == '12.1(22)EA6a' ) flag++;\nif ( version == '12.1(22)EA7' ) flag++;\nif ( version == '12.1(22)EA8' ) flag++;\nif ( version == '12.1(22)EA8a' ) flag++;\nif ( version == '12.1(22)EA9' ) flag++;\nif ( version == '12.1(22)EB' ) flag++;\nif ( version == '12.1(22)EC' ) flag++;\nif ( version == '12.1(22)EC1' ) flag++;\nif ( version == '12.1(22a)' ) flag++;\nif ( version == '12.1(22b)' ) flag++;\nif ( version == '12.1(22c)' ) flag++;\nif ( version == '12.1(23)E' ) flag++;\nif ( version == '12.1(23)E1' ) flag++;\nif ( version == '12.1(23)E2' ) flag++;\nif ( version == '12.1(23)E3' ) flag++;\nif ( version == '12.1(23)E4' ) flag++;\nif ( version == '12.1(23)EB' ) flag++;\nif ( version == '12.1(24)' ) flag++;\nif ( version == '12.1(25)' ) flag++;\nif ( version == '12.1(26)' ) flag++;\nif ( version == '12.1(26)E' ) flag++;\nif ( version == '12.1(26)E1' ) flag++;\nif ( version == '12.1(26)E2' ) flag++;\nif ( version == '12.1(26)E3' ) flag++;\nif ( version == '12.1(26)E4' ) flag++;\nif ( version == '12.1(26)E5' ) flag++;\nif ( version == '12.1(26)E6' ) flag++;\nif ( version == '12.1(26)E7' ) flag++;\nif ( version == '12.1(26)EB' ) flag++;\nif ( version == '12.1(26)EB1' ) flag++;\nif ( version == '12.1(27)' ) flag++;\nif ( version == '12.1(27a)' ) flag++;\nif ( version == '12.1(27b)' ) flag++;\nif ( version == '12.1(27b)E' ) flag++;\nif ( version == '12.1(2a)' ) flag++;\nif ( version == '12.1(2a)AA' ) flag++;\nif ( version == '12.1(2a)T1' ) flag++;\nif ( version == '12.1(2a)T2' ) flag++;\nif ( version == '12.1(2a)XH' ) flag++;\nif ( version == '12.1(2a)XH1' ) flag++;\nif ( version == '12.1(2a)XH2' ) flag++;\nif ( version == '12.1(2a)XH3' ) flag++;\nif ( version == '12.1(2b)' ) flag++;\nif ( version == '12.1(3)' ) flag++;\nif ( version == '12.1(3)AA' ) flag++;\nif ( version == '12.1(3)DA' ) flag++;\nif ( version == '12.1(3)DB' ) flag++;\nif ( version == '12.1(3)DB1' ) flag++;\nif ( version == '12.1(3)DC' ) flag++;\nif ( version == '12.1(3)DC1' ) flag++;\nif ( version == '12.1(3)DC2' ) flag++;\nif ( version == '12.1(3)T' ) flag++;\nif ( version == '12.1(3)XG' ) flag++;\nif ( version == '12.1(3)XG1' ) flag++;\nif ( version == '12.1(3)XG2' ) flag++;\nif ( version == '12.1(3)XG3' ) flag++;\nif ( version == '12.1(3)XG4' ) flag++;\nif ( version == '12.1(3)XG5' ) flag++;\nif ( version == '12.1(3)XG6' ) flag++;\nif ( version == '12.1(3)XI' ) flag++;\nif ( version == '12.1(3)XJ' ) flag++;\nif ( version == '12.1(3)XL' ) flag++;\nif ( version == '12.1(3)XP' ) flag++;\nif ( version == '12.1(3)XP1' ) flag++;\nif ( version == '12.1(3)XP2' ) flag++;\nif ( version == '12.1(3)XP3' ) flag++;\nif ( version == '12.1(3)XP4' ) flag++;\nif ( version == '12.1(3)XQ' ) flag++;\nif ( version == '12.1(3)XQ1' ) flag++;\nif ( version == '12.1(3)XQ2' ) flag++;\nif ( version == '12.1(3)XQ3' ) flag++;\nif ( version == '12.1(3)XS' ) flag++;\nif ( version == '12.1(3)XT' ) flag++;\nif ( version == '12.1(3)XT1' ) flag++;\nif ( version == '12.1(3)XT2' ) flag++;\nif ( version == '12.1(3)XW' ) flag++;\nif ( version == '12.1(3)XW1' ) flag++;\nif ( version == '12.1(3)XW2' ) flag++;\nif ( version == '12.1(3a)E' ) flag++;\nif ( version == '12.1(3a)E1' ) flag++;\nif ( version == '12.1(3a)E3' ) flag++;\nif ( version == '12.1(3a)E4' ) flag++;\nif ( version == '12.1(3a)E5' ) flag++;\nif ( version == '12.1(3a)E6' ) flag++;\nif ( version == '12.1(3a)E7' ) flag++;\nif ( version == '12.1(3a)E8' ) flag++;\nif ( version == '12.1(3a)EC' ) flag++;\nif ( version == '12.1(3a)EC1' ) flag++;\nif ( version == '12.1(3a)T1' ) flag++;\nif ( version == '12.1(3a)T2' ) flag++;\nif ( version == '12.1(3a)T3' ) flag++;\nif ( version == '12.1(3a)T4' ) flag++;\nif ( version == '12.1(3a)T5' ) flag++;\nif ( version == '12.1(3a)T6' ) flag++;\nif ( version == '12.1(3a)T7' ) flag++;\nif ( version == '12.1(3a)T8' ) flag++;\nif ( version == '12.1(3a)XI1' ) flag++;\nif ( version == '12.1(3a)XI2' ) flag++;\nif ( version == '12.1(3a)XI3' ) flag++;\nif ( version == '12.1(3a)XI4' ) flag++;\nif ( version == '12.1(3a)XI5' ) flag++;\nif ( version == '12.1(3a)XI6' ) flag++;\nif ( version == '12.1(3a)XI7' ) flag++;\nif ( version == '12.1(3a)XI8' ) flag++;\nif ( version == '12.1(3a)XI9' ) flag++;\nif ( version == '12.1(3a)XL1' ) flag++;\nif ( version == '12.1(3a)XL2' ) flag++;\nif ( version == '12.1(3a)XL3' ) flag++;\nif ( version == '12.1(3b)' ) flag++;\nif ( version == '12.1(4)AA' ) flag++;\nif ( version == '12.1(4)CX' ) flag++;\nif ( version == '12.1(4)DA' ) flag++;\nif ( version == '12.1(4)DB1' ) flag++;\nif ( version == '12.1(4)DC2' ) flag++;\nif ( version == '12.1(4)DC3' ) flag++;\nif ( version == '12.1(4)E' ) flag++;\nif ( version == '12.1(4)E1' ) flag++;\nif ( version == '12.1(4)E2' ) flag++;\nif ( version == '12.1(4)E3' ) flag++;\nif ( version == '12.1(4)EC' ) flag++;\nif ( version == '12.1(4)XY1' ) flag++;\nif ( version == '12.1(4)XY3' ) flag++;\nif ( version == '12.1(4)XY4' ) flag++;\nif ( version == '12.1(4)XY5' ) flag++;\nif ( version == '12.1(4)XY6' ) flag++;\nif ( version == '12.1(4)XY7' ) flag++;\nif ( version == '12.1(4)XY8' ) flag++;\nif ( version == '12.1(4)XZ' ) flag++;\nif ( version == '12.1(4)XZ1' ) flag++;\nif ( version == '12.1(4)XZ2' ) flag++;\nif ( version == '12.1(4)XZ3' ) flag++;\nif ( version == '12.1(4)XZ4' ) flag++;\nif ( version == '12.1(4)XZ5' ) flag++;\nif ( version == '12.1(4)XZ6' ) flag++;\nif ( version == '12.1(4)XZ7' ) flag++;\nif ( version == '12.1(4a)' ) flag++;\nif ( version == '12.1(4b)' ) flag++;\nif ( version == '12.1(4c)' ) flag++;\nif ( version == '12.1(5)' ) flag++;\nif ( version == '12.1(5)AA' ) flag++;\nif ( version == '12.1(5)DA' ) flag++;\nif ( version == '12.1(5)DA1' ) flag++;\nif ( version == '12.1(5)DB' ) flag++;\nif ( version == '12.1(5)DB1' ) flag++;\nif ( version == '12.1(5)DB2' ) flag++;\nif ( version == '12.1(5)DC' ) flag++;\nif ( version == '12.1(5)DC1' ) flag++;\nif ( version == '12.1(5)DC2' ) flag++;\nif ( version == '12.1(5)DC3' ) flag++;\nif ( version == '12.1(5)EC' ) flag++;\nif ( version == '12.1(5)EC1' ) flag++;\nif ( version == '12.1(5)EY' ) flag++;\nif ( version == '12.1(5)EY1' ) flag++;\nif ( version == '12.1(5)EY2' ) flag++;\nif ( version == '12.1(5)T' ) flag++;\nif ( version == '12.1(5)T1' ) flag++;\nif ( version == '12.1(5)T10' ) flag++;\nif ( version == '12.1(5)T11' ) flag++;\nif ( version == '12.1(5)T12' ) flag++;\nif ( version == '12.1(5)T14' ) flag++;\nif ( version == '12.1(5)T15' ) flag++;\nif ( version == '12.1(5)T17' ) flag++;\nif ( version == '12.1(5)T18' ) flag++;\nif ( version == '12.1(5)T19' ) flag++;\nif ( version == '12.1(5)T2' ) flag++;\nif ( version == '12.1(5)T20' ) flag++;\nif ( version == '12.1(5)T3' ) flag++;\nif ( version == '12.1(5)T4' ) flag++;\nif ( version == '12.1(5)T5' ) flag++;\nif ( version == '12.1(5)T6' ) flag++;\nif ( version == '12.1(5)T7' ) flag++;\nif ( version == '12.1(5)T8' ) flag++;\nif ( version == '12.1(5)T8a' ) flag++;\nif ( version == '12.1(5)T8b' ) flag++;\nif ( version == '12.1(5)T9' ) flag++;\nif ( version == '12.1(5)XM' ) flag++;\nif ( version == '12.1(5)XM1' ) flag++;\nif ( version == '12.1(5)XM2' ) flag++;\nif ( version == '12.1(5)XM3' ) flag++;\nif ( version == '12.1(5)XM4' ) flag++;\nif ( version == '12.1(5)XM5' ) flag++;\nif ( version == '12.1(5)XM6' ) flag++;\nif ( version == '12.1(5)XM7' ) flag++;\nif ( version == '12.1(5)XM8' ) flag++;\nif ( version == '12.1(5)XR' ) flag++;\nif ( version == '12.1(5)XR1' ) flag++;\nif ( version == '12.1(5)XR2' ) flag++;\nif ( version == '12.1(5)XS' ) flag++;\nif ( version == '12.1(5)XS1' ) flag++;\nif ( version == '12.1(5)XS2' ) flag++;\nif ( version == '12.1(5)XS3' ) flag++;\nif ( version == '12.1(5)XS4' ) flag++;\nif ( version == '12.1(5)XS5' ) flag++;\nif ( version == '12.1(5)XU' ) flag++;\nif ( version == '12.1(5)XU1' ) flag++;\nif ( version == '12.1(5)XV' ) flag++;\nif ( version == '12.1(5)XV1' ) flag++;\nif ( version == '12.1(5)XV2' ) flag++;\nif ( version == '12.1(5)XV4' ) flag++;\nif ( version == '12.1(5)XX' ) flag++;\nif ( version == '12.1(5)XX1' ) flag++;\nif ( version == '12.1(5)XX2' ) flag++;\nif ( version == '12.1(5)XX3' ) flag++;\nif ( version == '12.1(5)YA' ) flag++;\nif ( version == '12.1(5)YA1' ) flag++;\nif ( version == '12.1(5)YA2' ) flag++;\nif ( version == '12.1(5)YB' ) flag++;\nif ( version == '12.1(5)YB1' ) flag++;\nif ( version == '12.1(5)YB3' ) flag++;\nif ( version == '12.1(5)YB4' ) flag++;\nif ( version == '12.1(5)YB5' ) flag++;\nif ( version == '12.1(5)YC' ) flag++;\nif ( version == '12.1(5)YC1' ) flag++;\nif ( version == '12.1(5)YC2' ) flag++;\nif ( version == '12.1(5)YC3' ) flag++;\nif ( version == '12.1(5)YD' ) flag++;\nif ( version == '12.1(5)YD1' ) flag++;\nif ( version == '12.1(5)YD2' ) flag++;\nif ( version == '12.1(5)YD3' ) flag++;\nif ( version == '12.1(5)YD4' ) flag++;\nif ( version == '12.1(5)YD5' ) flag++;\nif ( version == '12.1(5)YD6' ) flag++;\nif ( version == '12.1(5)YE1' ) flag++;\nif ( version == '12.1(5)YE2' ) flag++;\nif ( version == '12.1(5)YE3' ) flag++;\nif ( version == '12.1(5)YE4' ) flag++;\nif ( version == '12.1(5)YE5' ) flag++;\nif ( version == '12.1(5)YF' ) flag++;\nif ( version == '12.1(5)YF1' ) flag++;\nif ( version == '12.1(5)YF2' ) flag++;\nif ( version == '12.1(5)YF3' ) flag++;\nif ( version == '12.1(5)YF4' ) flag++;\nif ( version == '12.1(5)YH' ) flag++;\nif ( version == '12.1(5)YH1' ) flag++;\nif ( version == '12.1(5)YH2' ) flag++;\nif ( version == '12.1(5)YH3' ) flag++;\nif ( version == '12.1(5)YH4' ) flag++;\nif ( version == '12.1(5)YI' ) flag++;\nif ( version == '12.1(5)YI1' ) flag++;\nif ( version == '12.1(5)YI2' ) flag++;\nif ( version == '12.1(5a)' ) flag++;\nif ( version == '12.1(5a)E' ) flag++;\nif ( version == '12.1(5a)E1' ) flag++;\nif ( version == '12.1(5a)E2' ) flag++;\nif ( version == '12.1(5a)E3' ) flag++;\nif ( version == '12.1(5a)E4' ) flag++;\nif ( version == '12.1(5b)' ) flag++;\nif ( version == '12.1(5b)E7' ) flag++;\nif ( version == '12.1(5c)' ) flag++;\nif ( version == '12.1(5c)E10' ) flag++;\nif ( version == '12.1(5c)E12' ) flag++;\nif ( version == '12.1(5c)E8' ) flag++;\nif ( version == '12.1(5c)E9' ) flag++;\nif ( version == '12.1(5c)EX3' ) flag++;\nif ( version == '12.1(5d)' ) flag++;\nif ( version == '12.1(5e)' ) flag++;\nif ( version == '12.1(6)' ) flag++;\nif ( version == '12.1(6)AA' ) flag++;\nif ( version == '12.1(6)DA' ) flag++;\nif ( version == '12.1(6)DA1' ) flag++;\nif ( version == '12.1(6)E' ) flag++;\nif ( version == '12.1(6)E1' ) flag++;\nif ( version == '12.1(6)E13' ) flag++;\nif ( version == '12.1(6)E2' ) flag++;\nif ( version == '12.1(6)E8' ) flag++;\nif ( version == '12.1(6)EA1' ) flag++;\nif ( version == '12.1(6)EC' ) flag++;\nif ( version == '12.1(6)EC1' ) flag++;\nif ( version == '12.1(6)EY' ) flag++;\nif ( version == '12.1(6)EY1' ) flag++;\nif ( version == '12.1(6)EZ' ) flag++;\nif ( version == '12.1(6)EZ1' ) flag++;\nif ( version == '12.1(6)EZ2' ) flag++;\nif ( version == '12.1(6)EZ3' ) flag++;\nif ( version == '12.1(6)EZ4' ) flag++;\nif ( version == '12.1(6)EZ5' ) flag++;\nif ( version == '12.1(6)EZ6' ) flag++;\nif ( version == '12.1(6a)' ) flag++;\nif ( version == '12.1(6b)' ) flag++;\nif ( version == '12.1(7)' ) flag++;\nif ( version == '12.1(7)AA' ) flag++;\nif ( version == '12.1(7)DA' ) flag++;\nif ( version == '12.1(7)DA1' ) flag++;\nif ( version == '12.1(7)DA2' ) flag++;\nif ( version == '12.1(7)DA3' ) flag++;\nif ( version == '12.1(7)E' ) flag++;\nif ( version == '12.1(7)E0a' ) flag++;\nif ( version == '12.1(7)EC' ) flag++;\nif ( version == '12.1(7a)' ) flag++;\nif ( version == '12.1(7a)E1' ) flag++;\nif ( version == '12.1(7a)E1a' ) flag++;\nif ( version == '12.1(7a)E2' ) flag++;\nif ( version == '12.1(7a)E3' ) flag++;\nif ( version == '12.1(7a)E4' ) flag++;\nif ( version == '12.1(7a)E5' ) flag++;\nif ( version == '12.1(7a)E6' ) flag++;\nif ( version == '12.1(7a)EY' ) flag++;\nif ( version == '12.1(7a)EY1' ) flag++;\nif ( version == '12.1(7a)EY2' ) flag++;\nif ( version == '12.1(7a)EY3' ) flag++;\nif ( version == '12.1(7b)' ) flag++;\nif ( version == '12.1(7c)' ) flag++;\nif ( version == '12.1(8)' ) flag++;\nif ( version == '12.1(8)AA' ) flag++;\nif ( version == '12.1(8)AA1' ) flag++;\nif ( version == '12.1(8)EA1c' ) flag++;\nif ( version == '12.1(8)EC' ) flag++;\nif ( version == '12.1(8)EC1' ) flag++;\nif ( version == '12.1(8a)' ) flag++;\nif ( version == '12.1(8a)E' ) flag++;\nif ( version == '12.1(8a)E1' ) flag++;\nif ( version == '12.1(8a)E2' ) flag++;\nif ( version == '12.1(8a)E4' ) flag++;\nif ( version == '12.1(8a)E5' ) flag++;\nif ( version == '12.1(8a)EW' ) flag++;\nif ( version == '12.1(8a)EW1' ) flag++;\nif ( version == '12.1(8a)EX' ) flag++;\nif ( version == '12.1(8a)EX1' ) flag++;\nif ( version == '12.1(8b)' ) flag++;\nif ( version == '12.1(8b)E10' ) flag++;\nif ( version == '12.1(8b)E11' ) flag++;\nif ( version == '12.1(8b)E12' ) flag++;\nif ( version == '12.1(8b)E14' ) flag++;\nif ( version == '12.1(8b)E15' ) flag++;\nif ( version == '12.1(8b)E18' ) flag++;\nif ( version == '12.1(8b)E19' ) flag++;\nif ( version == '12.1(8b)E20' ) flag++;\nif ( version == '12.1(8b)E6' ) flag++;\nif ( version == '12.1(8b)E7' ) flag++;\nif ( version == '12.1(8b)E8' ) flag++;\nif ( version == '12.1(8b)E9' ) flag++;\nif ( version == '12.1(8b)EX2' ) flag++;\nif ( version == '12.1(8b)EX3' ) flag++;\nif ( version == '12.1(8b)EX5' ) flag++;\nif ( version == '12.1(9)' ) flag++;\nif ( version == '12.1(9)E' ) flag++;\nif ( version == '12.1(9)E2' ) flag++;\nif ( version == '12.1(9)E3' ) flag++;\nif ( version == '12.1(9)EA1' ) flag++;\nif ( version == '12.1(9)EC1' ) flag++;\nif ( version == '12.1(9)EX' ) flag++;\nif ( version == '12.1(9)EX1' ) flag++;\nif ( version == '12.1(9)EX2' ) flag++;\nif ( version == '12.1(9)EX3' ) flag++;\nif ( version == '12.1(9a)' ) flag++;\nif ( version == '12.2(1)' ) flag++;\nif ( version == '12.2(1)DX' ) flag++;\nif ( version == '12.2(1)DX1' ) flag++;\nif ( version == '12.2(1)M0' ) flag++;\nif ( version == '12.2(1)MB1' ) flag++;\nif ( version == '12.2(1)XD' ) flag++;\nif ( version == '12.2(1)XD1' ) flag++;\nif ( version == '12.2(1)XD2' ) flag++;\nif ( version == '12.2(1)XD3' ) flag++;\nif ( version == '12.2(1)XD4' ) flag++;\nif ( version == '12.2(1)XE' ) flag++;\nif ( version == '12.2(1)XE1' ) flag++;\nif ( version == '12.2(1)XE2' ) flag++;\nif ( version == '12.2(1)XF' ) flag++;\nif ( version == '12.2(1)XF1' ) flag++;\nif ( version == '12.2(1)XS' ) flag++;\nif ( version == '12.2(1)XS1' ) flag++;\nif ( version == '12.2(1)XS1a' ) flag++;\nif ( version == '12.2(1)XS2' ) flag++;\nif ( version == '12.2(10)' ) flag++;\nif ( version == '12.2(10)DA' ) flag++;\nif ( version == '12.2(10)DA1' ) flag++;\nif ( version == '12.2(10)DA2' ) flag++;\nif ( version == '12.2(10)DA3' ) flag++;\nif ( version == '12.2(10)DA5' ) flag++;\nif ( version == '12.2(10a)' ) flag++;\nif ( version == '12.2(10b)' ) flag++;\nif ( version == '12.2(10d)' ) flag++;\nif ( version == '12.2(10g)' ) flag++;\nif ( version == '12.2(11)BC1' ) flag++;\nif ( version == '12.2(11)BC1a' ) flag++;\nif ( version == '12.2(11)BC1b' ) flag++;\nif ( version == '12.2(11)BC2' ) flag++;\nif ( version == '12.2(11)BC2a' ) flag++;\nif ( version == '12.2(11)BC3' ) flag++;\nif ( version == '12.2(11)BC3a' ) flag++;\nif ( version == '12.2(11)BC3b' ) flag++;\nif ( version == '12.2(11)BC3c' ) flag++;\nif ( version == '12.2(11)BC3d' ) flag++;\nif ( version == '12.2(11)CX' ) flag++;\nif ( version == '12.2(11)CX1' ) flag++;\nif ( version == '12.2(11)CY' ) flag++;\nif ( version == '12.2(11)JA' ) flag++;\nif ( version == '12.2(11)JA1' ) flag++;\nif ( version == '12.2(11)JA2' ) flag++;\nif ( version == '12.2(11)JA3' ) flag++;\nif ( version == '12.2(11)T' ) flag++;\nif ( version == '12.2(11)T1' ) flag++;\nif ( version == '12.2(11)T10' ) flag++;\nif ( version == '12.2(11)T11' ) flag++;\nif ( version == '12.2(11)T2' ) flag++;\nif ( version == '12.2(11)T3' ) flag++;\nif ( version == '12.2(11)T4' ) flag++;\nif ( version == '12.2(11)T5' ) flag++;\nif ( version == '12.2(11)T6' ) flag++;\nif ( version == '12.2(11)T8' ) flag++;\nif ( version == '12.2(11)T9' ) flag++;\nif ( version == '12.2(11)YP3' ) flag++;\nif ( version == '12.2(11)YQ' ) flag++;\nif ( version == '12.2(11)YR' ) flag++;\nif ( version == '12.2(11)YT' ) flag++;\nif ( version == '12.2(11)YT1' ) flag++;\nif ( version == '12.2(11)YT2' ) flag++;\nif ( version == '12.2(11)YU' ) flag++;\nif ( version == '12.2(11)YV' ) flag++;\nif ( version == '12.2(11)YV1' ) flag++;\nif ( version == '12.2(11)YZ' ) flag++;\nif ( version == '12.2(11)YZ1' ) flag++;\nif ( version == '12.2(11)YZ2' ) flag++;\nif ( version == '12.2(11)ZC' ) flag++;\nif ( version == '12.2(12)' ) flag++;\nif ( version == '12.2(12)DA' ) flag++;\nif ( version == '12.2(12)DA1' ) flag++;\nif ( version == '12.2(12)DA10' ) flag++;\nif ( version == '12.2(12)DA2' ) flag++;\nif ( version == '12.2(12)DA3' ) flag++;\nif ( version == '12.2(12)DA4' ) flag++;\nif ( version == '12.2(12)DA5' ) flag++;\nif ( version == '12.2(12)DA6' ) flag++;\nif ( version == '12.2(12)DA7' ) flag++;\nif ( version == '12.2(12)DA8' ) flag++;\nif ( version == '12.2(12)DA9' ) flag++;\nif ( version == '12.2(12a)' ) flag++;\nif ( version == '12.2(12b)' ) flag++;\nif ( version == '12.2(12b)M1' ) flag++;\nif ( version == '12.2(12c)' ) flag++;\nif ( version == '12.2(12e)' ) flag++;\nif ( version == '12.2(12f)' ) flag++;\nif ( version == '12.2(12g)' ) flag++;\nif ( version == '12.2(12h)' ) flag++;\nif ( version == '12.2(12h)M1' ) flag++;\nif ( version == '12.2(12i)' ) flag++;\nif ( version == '12.2(12j)' ) flag++;\nif ( version == '12.2(12k)' ) flag++;\nif ( version == '12.2(12l)' ) flag++;\nif ( version == '12.2(12m)' ) flag++;\nif ( version == '12.2(13)' ) flag++;\nif ( version == '12.2(13)JA' ) flag++;\nif ( version == '12.2(13)JA1' ) flag++;\nif ( version == '12.2(13)JA2' ) flag++;\nif ( version == '12.2(13)JA3' ) flag++;\nif ( version == '12.2(13)JA4' ) flag++;\nif ( version == '12.2(13)T' ) flag++;\nif ( version == '12.2(13)T1' ) flag++;\nif ( version == '12.2(13)T10' ) flag++;\nif ( version == '12.2(13)T11' ) flag++;\nif ( version == '12.2(13)T12' ) flag++;\nif ( version == '12.2(13)T13' ) flag++;\nif ( version == '12.2(13)T14' ) flag++;\nif ( version == '12.2(13)T16' ) flag++;\nif ( version == '12.2(13)T1a' ) flag++;\nif ( version == '12.2(13)T2' ) flag++;\nif ( version == '12.2(13)T3' ) flag++;\nif ( version == '12.2(13)T4' ) flag++;\nif ( version == '12.2(13)T5' ) flag++;\nif ( version == '12.2(13)T8' ) flag++;\nif ( version == '12.2(13)T9' ) flag++;\nif ( version == '12.2(13)ZC' ) flag++;\nif ( version == '12.2(13)ZD' ) flag++;\nif ( version == '12.2(13)ZD1' ) flag++;\nif ( version == '12.2(13)ZD2' ) flag++;\nif ( version == '12.2(13)ZD3' ) flag++;\nif ( version == '12.2(13)ZD4' ) flag++;\nif ( version == '12.2(13)ZE' ) flag++;\nif ( version == '12.2(13)ZF' ) flag++;\nif ( version == '12.2(13)ZF1' ) flag++;\nif ( version == '12.2(13)ZF2' ) flag++;\nif ( version == '12.2(13)ZG' ) flag++;\nif ( version == '12.2(13)ZH' ) flag++;\nif ( version == '12.2(13)ZH1' ) flag++;\nif ( version == '12.2(13)ZH2' ) flag++;\nif ( version == '12.2(13)ZH3' ) flag++;\nif ( version == '12.2(13)ZH4' ) flag++;\nif ( version == '12.2(13)ZH5' ) flag++;\nif ( version == '12.2(13)ZH6' ) flag++;\nif ( version == '12.2(13)ZH7' ) flag++;\nif ( version == '12.2(13)ZH8' ) flag++;\nif ( version == '12.2(13)ZP' ) flag++;\nif ( version == '12.2(13)ZP1' ) flag++;\nif ( version == '12.2(13)ZP2' ) flag++;\nif ( version == '12.2(13)ZP3' ) flag++;\nif ( version == '12.2(13)ZP4' ) flag++;\nif ( version == '12.2(13a)' ) flag++;\nif ( version == '12.2(13b)' ) flag++;\nif ( version == '12.2(13c)' ) flag++;\nif ( version == '12.2(13e)' ) flag++;\nif ( version == '12.2(14)S' ) flag++;\nif ( version == '12.2(14)S1' ) flag++;\nif ( version == '12.2(14)S10' ) flag++;\nif ( version == '12.2(14)S11' ) flag++;\nif ( version == '12.2(14)S12' ) flag++;\nif ( version == '12.2(14)S13' ) flag++;\nif ( version == '12.2(14)S14' ) flag++;\nif ( version == '12.2(14)S15' ) flag++;\nif ( version == '12.2(14)S16' ) flag++;\nif ( version == '12.2(14)S17' ) flag++;\nif ( version == '12.2(14)S2' ) flag++;\nif ( version == '12.2(14)S3' ) flag++;\nif ( version == '12.2(14)S5' ) flag++;\nif ( version == '12.2(14)S7' ) flag++;\nif ( version == '12.2(14)S8' ) flag++;\nif ( version == '12.2(14)S9' ) flag++;\nif ( version == '12.2(14)SX' ) flag++;\nif ( version == '12.2(14)SX1' ) flag++;\nif ( version == '12.2(14)SX2' ) flag++;\nif ( version == '12.2(14)SZ' ) flag++;\nif ( version == '12.2(14)SZ1' ) flag++;\nif ( version == '12.2(14)SZ2' ) flag++;\nif ( version == '12.2(14)SZ3' ) flag++;\nif ( version == '12.2(14)SZ4' ) flag++;\nif ( version == '12.2(14)SZ5' ) flag++;\nif ( version == '12.2(14)SZ6' ) flag++;\nif ( version == '12.2(14)ZA' ) flag++;\nif ( version == '12.2(14)ZA1' ) flag++;\nif ( version == '12.2(14)ZA2' ) flag++;\nif ( version == '12.2(14)ZA3' ) flag++;\nif ( version == '12.2(14)ZA4' ) flag++;\nif ( version == '12.2(14)ZA5' ) flag++;\nif ( version == '12.2(14)ZA6' ) flag++;\nif ( version == '12.2(14)ZA7' ) flag++;\nif ( version == '12.2(15)B' ) flag++;\nif ( version == '12.2(15)BC1' ) flag++;\nif ( version == '12.2(15)BC1a' ) flag++;\nif ( version == '12.2(15)BC1b' ) flag++;\nif ( version == '12.2(15)BC1c' ) flag++;\nif ( version == '12.2(15)BC1d' ) flag++;\nif ( version == '12.2(15)BC1e' ) flag++;\nif ( version == '12.2(15)BC1f' ) flag++;\nif ( version == '12.2(15)BC1g' ) flag++;\nif ( version == '12.2(15)BC2' ) flag++;\nif ( version == '12.2(15)BC2a' ) flag++;\nif ( version == '12.2(15)BC2b' ) flag++;\nif ( version == '12.2(15)BC2c' ) flag++;\nif ( version == '12.2(15)BC2d' ) flag++;\nif ( version == '12.2(15)BC2e' ) flag++;\nif ( version == '12.2(15)BC2f' ) flag++;\nif ( version == '12.2(15)BC2g' ) flag++;\nif ( version == '12.2(15)BC2h' ) flag++;\nif ( version == '12.2(15)BC2i' ) flag++;\nif ( version == '12.2(15)BX' ) flag++;\nif ( version == '12.2(15)BZ2' ) flag++;\nif ( version == '12.2(15)CX' ) flag++;\nif ( version == '12.2(15)CX1' ) flag++;\nif ( version == '12.2(15)JA' ) flag++;\nif ( version == '12.2(15)JK' ) flag++;\nif ( version == '12.2(15)JK1' ) flag++;\nif ( version == '12.2(15)JK2' ) flag++;\nif ( version == '12.2(15)JK3' ) flag++;\nif ( version == '12.2(15)JK4' ) flag++;\nif ( version == '12.2(15)JK5' ) flag++;\nif ( version == '12.2(15)MC1' ) flag++;\nif ( version == '12.2(15)MC1a' ) flag++;\nif ( version == '12.2(15)MC1b' ) flag++;\nif ( version == '12.2(15)MC1c' ) flag++;\nif ( version == '12.2(15)MC2' ) flag++;\nif ( version == '12.2(15)MC2a' ) flag++;\nif ( version == '12.2(15)MC2b' ) flag++;\nif ( version == '12.2(15)MC2c' ) flag++;\nif ( version == '12.2(15)MC2e' ) flag++;\nif ( version == '12.2(15)MC2f' ) flag++;\nif ( version == '12.2(15)MC2g' ) flag++;\nif ( version == '12.2(15)T' ) flag++;\nif ( version == '12.2(15)T1' ) flag++;\nif ( version == '12.2(15)T10' ) flag++;\nif ( version == '12.2(15)T11' ) flag++;\nif ( version == '12.2(15)T12' ) flag++;\nif ( version == '12.2(15)T13' ) flag++;\nif ( version == '12.2(15)T14' ) flag++;\nif ( version == '12.2(15)T15' ) flag++;\nif ( version == '12.2(15)T16' ) flag++;\nif ( version == '12.2(15)T2' ) flag++;\nif ( version == '12.2(15)T4' ) flag++;\nif ( version == '12.2(15)T4e' ) flag++;\nif ( version == '12.2(15)T5' ) flag++;\nif ( version == '12.2(15)T7' ) flag++;\nif ( version == '12.2(15)T8' ) flag++;\nif ( version == '12.2(15)T9' ) flag++;\nif ( version == '12.2(15)XR' ) flag++;\nif ( version == '12.2(15)XR1' ) flag++;\nif ( version == '12.2(15)XR2' ) flag++;\nif ( version == '12.2(15)ZJ' ) flag++;\nif ( version == '12.2(15)ZJ1' ) flag++;\nif ( version == '12.2(15)ZJ2' ) flag++;\nif ( version == '12.2(15)ZJ3' ) flag++;\nif ( version == '12.2(15)ZJ5' ) flag++;\nif ( version == '12.2(15)ZL' ) flag++;\nif ( version == '12.2(15)ZL1' ) flag++;\nif ( version == '12.2(16)' ) flag++;\nif ( version == '12.2(16)B' ) flag++;\nif ( version == '12.2(16)B1' ) flag++;\nif ( version == '12.2(16)B2' ) flag++;\nif ( version == '12.2(16)BX' ) flag++;\nif ( version == '12.2(16)BX1' ) flag++;\nif ( version == '12.2(16)BX2' ) flag++;\nif ( version == '12.2(16)BX3' ) flag++;\nif ( version == '12.2(16a)' ) flag++;\nif ( version == '12.2(16b)' ) flag++;\nif ( version == '12.2(16c)' ) flag++;\nif ( version == '12.2(16f)' ) flag++;\nif ( version == '12.2(17)' ) flag++;\nif ( version == '12.2(17a)' ) flag++;\nif ( version == '12.2(17a)SX' ) flag++;\nif ( version == '12.2(17a)SX1' ) flag++;\nif ( version == '12.2(17a)SX2' ) flag++;\nif ( version == '12.2(17a)SX3' ) flag++;\nif ( version == '12.2(17a)SX4' ) flag++;\nif ( version == '12.2(17b)' ) flag++;\nif ( version == '12.2(17b)SXA' ) flag++;\nif ( version == '12.2(17b)SXA2' ) flag++;\nif ( version == '12.2(17d)' ) flag++;\nif ( version == '12.2(17d)SXB' ) flag++;\nif ( version == '12.2(17d)SXB1' ) flag++;\nif ( version == '12.2(17d)SXB10' ) flag++;\nif ( version == '12.2(17d)SXB11' ) flag++;\nif ( version == '12.2(17d)SXB11a' ) flag++;\nif ( version == '12.2(17d)SXB2' ) flag++;\nif ( version == '12.2(17d)SXB3' ) flag++;\nif ( version == '12.2(17d)SXB4' ) flag++;\nif ( version == '12.2(17d)SXB5' ) flag++;\nif ( version == '12.2(17d)SXB6' ) flag++;\nif ( version == '12.2(17d)SXB7' ) flag++;\nif ( version == '12.2(17d)SXB8' ) flag++;\nif ( version == '12.2(17d)SXB9' ) flag++;\nif ( version == '12.2(17e)' ) flag++;\nif ( version == '12.2(17f)' ) flag++;\nif ( version == '12.2(18)EW' ) flag++;\nif ( version == '12.2(18)EW1' ) flag++;\nif ( version == '12.2(18)EW2' ) flag++;\nif ( version == '12.2(18)EW3' ) flag++;\nif ( version == '12.2(18)EW4' ) flag++;\nif ( version == '12.2(18)EW5' ) flag++;\nif ( version == '12.2(18)EW6' ) flag++;\nif ( version == '12.2(18)IXA' ) flag++;\nif ( version == '12.2(18)S' ) flag++;\nif ( version == '12.2(18)S1' ) flag++;\nif ( version == '12.2(18)S10' ) flag++;\nif ( version == '12.2(18)S11' ) flag++;\nif ( version == '12.2(18)S12' ) flag++;\nif ( version == '12.2(18)S2' ) flag++;\nif ( version == '12.2(18)S3' ) flag++;\nif ( version == '12.2(18)S4' ) flag++;\nif ( version == '12.2(18)S5' ) flag++;\nif ( version == '12.2(18)S6' ) flag++;\nif ( version == '12.2(18)S7' ) flag++;\nif ( version == '12.2(18)S8' ) flag++;\nif ( version == '12.2(18)S9' ) flag++;\nif ( version == '12.2(18)SE' ) flag++;\nif ( version == '12.2(18)SE1' ) flag++;\nif ( version == '12.2(18)SO1' ) flag++;\nif ( version == '12.2(18)SO2' ) flag++;\nif ( version == '12.2(18)SO3' ) flag++;\nif ( version == '12.2(18)SO4' ) flag++;\nif ( version == '12.2(18)SO5' ) flag++;\nif ( version == '12.2(18)SO6' ) flag++;\nif ( version == '12.2(18)SV' ) flag++;\nif ( version == '12.2(18)SV1' ) flag++;\nif ( version == '12.2(18)SV2' ) flag++;\nif ( version == '12.2(18)SV3' ) flag++;\nif ( version == '12.2(18)SW' ) flag++;\nif ( version == '12.2(18)SXD' ) flag++;\nif ( version == '12.2(18)SXD1' ) flag++;\nif ( version == '12.2(18)SXD2' ) flag++;\nif ( version == '12.2(18)SXD3' ) flag++;\nif ( version == '12.2(18)SXD4' ) flag++;\nif ( version == '12.2(18)SXD5' ) flag++;\nif ( version == '12.2(18)SXD6' ) flag++;\nif ( version == '12.2(18)SXD7' ) flag++;\nif ( version == '12.2(18)SXE' ) flag++;\nif ( version == '12.2(18)SXE1' ) flag++;\nif ( version == '12.2(18)SXE2' ) flag++;\nif ( version == '12.2(18)SXE3' ) flag++;\nif ( version == '12.2(18)SXE4' ) flag++;\nif ( version == '12.2(18)SXE5' ) flag++;\nif ( version == '12.2(18)SXE6' ) flag++;\nif ( version == '12.2(18)SXF' ) flag++;\nif ( version == '12.2(18)SXF1' ) flag++;\nif ( version == '12.2(18)SXF2' ) flag++;\nif ( version == '12.2(18)SXF3' ) flag++;\nif ( version == '12.2(18)SXF4' ) flag++;\nif ( version == '12.2(18)SXF5' ) flag++;\nif ( version == '12.2(18)ZU' ) flag++;\nif ( version == '12.2(19)' ) flag++;\nif ( version == '12.2(19)SW' ) flag++;\nif ( version == '12.2(19a)' ) flag++;\nif ( version == '12.2(19b)' ) flag++;\nif ( version == '12.2(19c)' ) flag++;\nif ( version == '12.2(1a)' ) flag++;\nif ( version == '12.2(1a)XC' ) flag++;\nif ( version == '12.2(1a)XC1' ) flag++;\nif ( version == '12.2(1a)XC2' ) flag++;\nif ( version == '12.2(1a)XC3' ) flag++;\nif ( version == '12.2(1b)' ) flag++;\nif ( version == '12.2(1b)DA' ) flag++;\nif ( version == '12.2(1b)DA1' ) flag++;\nif ( version == '12.2(1c)' ) flag++;\nif ( version == '12.2(1d)' ) flag++;\nif ( version == '12.2(2)B' ) flag++;\nif ( version == '12.2(2)B1' ) flag++;\nif ( version == '12.2(2)B2' ) flag++;\nif ( version == '12.2(2)B3' ) flag++;\nif ( version == '12.2(2)B4' ) flag++;\nif ( version == '12.2(2)B5' ) flag++;\nif ( version == '12.2(2)B6' ) flag++;\nif ( version == '12.2(2)B7' ) flag++;\nif ( version == '12.2(2)BX' ) flag++;\nif ( version == '12.2(2)BX1' ) flag++;\nif ( version == '12.2(2)BY' ) flag++;\nif ( version == '12.2(2)BY1' ) flag++;\nif ( version == '12.2(2)BY2' ) flag++;\nif ( version == '12.2(2)BY3' ) flag++;\nif ( version == '12.2(2)DD' ) flag++;\nif ( version == '12.2(2)DD1' ) flag++;\nif ( version == '12.2(2)DD2' ) flag++;\nif ( version == '12.2(2)DD3' ) flag++;\nif ( version == '12.2(2)DD4' ) flag++;\nif ( version == '12.2(2)DX3' ) flag++;\nif ( version == '12.2(2)T' ) flag++;\nif ( version == '12.2(2)T1' ) flag++;\nif ( version == '12.2(2)T2' ) flag++;\nif ( version == '12.2(2)T3' ) flag++;\nif ( version == '12.2(2)T4' ) flag++;\nif ( version == '12.2(2)XA' ) flag++;\nif ( version == '12.2(2)XA1' ) flag++;\nif ( version == '12.2(2)XA2' ) flag++;\nif ( version == '12.2(2)XA3' ) flag++;\nif ( version == '12.2(2)XA4' ) flag++;\nif ( version == '12.2(2)XA5' ) flag++;\nif ( version == '12.2(2)XB1' ) flag++;\nif ( version == '12.2(2)XB10' ) flag++;\nif ( version == '12.2(2)XB11' ) flag++;\nif ( version == '12.2(2)XB12' ) flag++;\nif ( version == '12.2(2)XB14' ) flag++;\nif ( version == '12.2(2)XB15' ) flag++;\nif ( version == '12.2(2)XB2' ) flag++;\nif ( version == '12.2(2)XB3' ) flag++;\nif ( version == '12.2(2)XB5' ) flag++;\nif ( version == '12.2(2)XB6' ) flag++;\nif ( version == '12.2(2)XB7' ) flag++;\nif ( version == '12.2(2)XB8' ) flag++;\nif ( version == '12.2(2)XC' ) flag++;\nif ( version == '12.2(2)XC1' ) flag++;\nif ( version == '12.2(2)XC2' ) flag++;\nif ( version == '12.2(2)XF' ) flag++;\nif ( version == '12.2(2)XF1' ) flag++;\nif ( version == '12.2(2)XF2' ) flag++;\nif ( version == '12.2(2)XG' ) flag++;\nif ( version == '12.2(2)XG1' ) flag++;\nif ( version == '12.2(2)XH' ) flag++;\nif ( version == '12.2(2)XH1' ) flag++;\nif ( version == '12.2(2)XH2' ) flag++;\nif ( version == '12.2(2)XI' ) flag++;\nif ( version == '12.2(2)XI1' ) flag++;\nif ( version == '12.2(2)XI2' ) flag++;\nif ( version == '12.2(2)XJ' ) flag++;\nif ( version == '12.2(2)XK' ) flag++;\nif ( version == '12.2(2)XK1' ) flag++;\nif ( version == '12.2(2)XK2' ) flag++;\nif ( version == '12.2(2)XK3' ) flag++;\nif ( version == '12.2(2)XN' ) flag++;\nif ( version == '12.2(2)XQ' ) flag++;\nif ( version == '12.2(2)XQ1' ) flag++;\nif ( version == '12.2(2)XR' ) flag++;\nif ( version == '12.2(2)XT' ) flag++;\nif ( version == '12.2(2)XT2' ) flag++;\nif ( version == '12.2(2)XT3' ) flag++;\nif ( version == '12.2(2)XU' ) flag++;\nif ( version == '12.2(2)YC' ) flag++;\nif ( version == '12.2(2)YC1' ) flag++;\nif ( version == '12.2(2)YC2' ) flag++;\nif ( version == '12.2(2)YC3' ) flag++;\nif ( version == '12.2(2)YC4' ) flag++;\nif ( version == '12.2(2)YK' ) flag++;\nif ( version == '12.2(2)YK1' ) flag++;\nif ( version == '12.2(20)EU' ) flag++;\nif ( version == '12.2(20)EU1' ) flag++;\nif ( version == '12.2(20)EU2' ) flag++;\nif ( version == '12.2(20)EW' ) flag++;\nif ( version == '12.2(20)EW1' ) flag++;\nif ( version == '12.2(20)EW2' ) flag++;\nif ( version == '12.2(20)EW3' ) flag++;\nif ( version == '12.2(20)EWA' ) flag++;\nif ( version == '12.2(20)EWA1' ) flag++;\nif ( version == '12.2(20)EWA2' ) flag++;\nif ( version == '12.2(20)EX' ) flag++;\nif ( version == '12.2(20)S' ) flag++;\nif ( version == '12.2(20)S1' ) flag++;\nif ( version == '12.2(20)S10' ) flag++;\nif ( version == '12.2(20)S11' ) flag++;\nif ( version == '12.2(20)S12' ) flag++;\nif ( version == '12.2(20)S2' ) flag++;\nif ( version == '12.2(20)S3' ) flag++;\nif ( version == '12.2(20)S4' ) flag++;\nif ( version == '12.2(20)S5' ) flag++;\nif ( version == '12.2(20)S6' ) flag++;\nif ( version == '12.2(20)S7' ) flag++;\nif ( version == '12.2(20)S8' ) flag++;\nif ( version == '12.2(20)S9' ) flag++;\nif ( version == '12.2(20)SE' ) flag++;\nif ( version == '12.2(20)SE1' ) flag++;\nif ( version == '12.2(20)SE3' ) flag++;\nif ( version == '12.2(20)SE4' ) flag++;\nif ( version == '12.2(20)SW' ) flag++;\nif ( version == '12.2(21)' ) flag++;\nif ( version == '12.2(21)SW' ) flag++;\nif ( version == '12.2(21)SW1' ) flag++;\nif ( version == '12.2(21a)' ) flag++;\nif ( version == '12.2(21b)' ) flag++;\nif ( version == '12.2(22)S' ) flag++;\nif ( version == '12.2(22)S1' ) flag++;\nif ( version == '12.2(22)S2' ) flag++;\nif ( version == '12.2(22)SV' ) flag++;\nif ( version == '12.2(22)SV1' ) flag++;\nif ( version == '12.2(23)' ) flag++;\nif ( version == '12.2(23)SV' ) flag++;\nif ( version == '12.2(23)SV1' ) flag++;\nif ( version == '12.2(23)SW' ) flag++;\nif ( version == '12.2(23)SW1' ) flag++;\nif ( version == '12.2(23a)' ) flag++;\nif ( version == '12.2(23c)' ) flag++;\nif ( version == '12.2(23d)' ) flag++;\nif ( version == '12.2(23e)' ) flag++;\nif ( version == '12.2(23f)' ) flag++;\nif ( version == '12.2(24)' ) flag++;\nif ( version == '12.2(24)SV' ) flag++;\nif ( version == '12.2(24)SV1' ) flag++;\nif ( version == '12.2(24a)' ) flag++;\nif ( version == '12.2(24b)' ) flag++;\nif ( version == '12.2(25)EW' ) flag++;\nif ( version == '12.2(25)EWA' ) flag++;\nif ( version == '12.2(25)EWA1' ) flag++;\nif ( version == '12.2(25)EWA2' ) flag++;\nif ( version == '12.2(25)EWA3' ) flag++;\nif ( version == '12.2(25)EWA4' ) flag++;\nif ( version == '12.2(25)EWA5' ) flag++;\nif ( version == '12.2(25)EWA6' ) flag++;\nif ( version == '12.2(25)EX' ) flag++;\nif ( version == '12.2(25)EX1' ) flag++;\nif ( version == '12.2(25)EY' ) flag++;\nif ( version == '12.2(25)EY1' ) flag++;\nif ( version == '12.2(25)EY2' ) flag++;\nif ( version == '12.2(25)EY3' ) flag++;\nif ( version == '12.2(25)EY4' ) flag++;\nif ( version == '12.2(25)EZ' ) flag++;\nif ( version == '12.2(25)EZ1' ) flag++;\nif ( version == '12.2(25)FX' ) flag++;\nif ( version == '12.2(25)FY' ) flag++;\nif ( version == '12.2(25)FZ' ) flag++;\nif ( version == '12.2(25)S' ) flag++;\nif ( version == '12.2(25)S1' ) flag++;\nif ( version == '12.2(25)S10' ) flag++;\nif ( version == '12.2(25)S2' ) flag++;\nif ( version == '12.2(25)S3' ) flag++;\nif ( version == '12.2(25)S4' ) flag++;\nif ( version == '12.2(25)S5' ) flag++;\nif ( version == '12.2(25)S6' ) flag++;\nif ( version == '12.2(25)S7' ) flag++;\nif ( version == '12.2(25)S8' ) flag++;\nif ( version == '12.2(25)S9' ) flag++;\nif ( version == '12.2(25)SE' ) flag++;\nif ( version == '12.2(25)SE2' ) flag++;\nif ( version == '12.2(25)SE3' ) flag++;\nif ( version == '12.2(25)SEA' ) flag++;\nif ( version == '12.2(25)SEB' ) flag++;\nif ( version == '12.2(25)SEB1' ) flag++;\nif ( version == '12.2(25)SEB2' ) flag++;\nif ( version == '12.2(25)SEB3' ) flag++;\nif ( version == '12.2(25)SEB4' ) flag++;\nif ( version == '12.2(25)SEC' ) flag++;\nif ( version == '12.2(25)SEC1' ) flag++;\nif ( version == '12.2(25)SEC2' ) flag++;\nif ( version == '12.2(25)SED' ) flag++;\nif ( version == '12.2(25)SED1' ) flag++;\nif ( version == '12.2(25)SEE' ) flag++;\nif ( version == '12.2(25)SEE1' ) flag++;\nif ( version == '12.2(25)SEE2' ) flag++;\nif ( version == '12.2(25)SEF1' ) flag++;\nif ( version == '12.2(25)SEG' ) flag++;\nif ( version == '12.2(25)SEG1' ) flag++;\nif ( version == '12.2(25)SG' ) flag++;\nif ( version == '12.2(25)SV' ) flag++;\nif ( version == '12.2(25)SV2' ) flag++;\nif ( version == '12.2(25)SV3' ) flag++;\nif ( version == '12.2(25)SW1' ) flag++;\nif ( version == '12.2(25)SW2' ) flag++;\nif ( version == '12.2(25)SW3' ) flag++;\nif ( version == '12.2(25)SW3a' ) flag++;\nif ( version == '12.2(25)SW4' ) flag++;\nif ( version == '12.2(25)SW4a' ) flag++;\nif ( version == '12.2(25)SW5' ) flag++;\nif ( version == '12.2(26)' ) flag++;\nif ( version == '12.2(26)SV' ) flag++;\nif ( version == '12.2(26)SV1' ) flag++;\nif ( version == '12.2(26a)' ) flag++;\nif ( version == '12.2(26b)' ) flag++;\nif ( version == '12.2(27)' ) flag++;\nif ( version == '12.2(27)SBC' ) flag++;\nif ( version == '12.2(27)SBC1' ) flag++;\nif ( version == '12.2(27)SBC2' ) flag++;\nif ( version == '12.2(27)SBC3' ) flag++;\nif ( version == '12.2(27)SBC4' ) flag++;\nif ( version == '12.2(27)SBC5' ) flag++;\nif ( version == '12.2(27)SV' ) flag++;\nif ( version == '12.2(27)SV1' ) flag++;\nif ( version == '12.2(27)SV2' ) flag++;\nif ( version == '12.2(27)SV3' ) flag++;\nif ( version == '12.2(27)SV4' ) flag++;\nif ( version == '12.2(27a)' ) flag++;\nif ( version == '12.2(27b)' ) flag++;\nif ( version == '12.2(28)' ) flag++;\nif ( version == '12.2(28)SB' ) flag++;\nif ( version == '12.2(28)SB1' ) flag++;\nif ( version == '12.2(28)SB2' ) flag++;\nif ( version == '12.2(28)SB3' ) flag++;\nif ( version == '12.2(28)SV' ) flag++;\nif ( version == '12.2(28)VZ' ) flag++;\nif ( version == '12.2(28)ZX' ) flag++;\nif ( version == '12.2(28a)' ) flag++;\nif ( version == '12.2(28b)' ) flag++;\nif ( version == '12.2(28b)ZV1' ) flag++;\nif ( version == '12.2(28c)' ) flag++;\nif ( version == '12.2(29)' ) flag++;\nif ( version == '12.2(29)SM' ) flag++;\nif ( version == '12.2(29)SM1' ) flag++;\nif ( version == '12.2(29)SV' ) flag++;\nif ( version == '12.2(29)SV1' ) flag++;\nif ( version == '12.2(29)SV2' ) flag++;\nif ( version == '12.2(29a)' ) flag++;\nif ( version == '12.2(29a)SV' ) flag++;\nif ( version == '12.2(3)' ) flag++;\nif ( version == '12.2(30)S' ) flag++;\nif ( version == '12.2(30)S1' ) flag++;\nif ( version == '12.2(31)' ) flag++;\nif ( version == '12.2(31)SG' ) flag++;\nif ( version == '12.2(32)' ) flag++;\nif ( version == '12.2(33)SRA' ) flag++;\nif ( version == '12.2(34)' ) flag++;\nif ( version == '12.2(34a)' ) flag++;\nif ( version == '12.2(37)' ) flag++;\nif ( version == '12.2(3a)' ) flag++;\nif ( version == '12.2(3b)' ) flag++;\nif ( version == '12.2(3c)' ) flag++;\nif ( version == '12.2(3d)' ) flag++;\nif ( version == '12.2(3g)' ) flag++;\nif ( version == '12.2(4)B' ) flag++;\nif ( version == '12.2(4)B1' ) flag++;\nif ( version == '12.2(4)B2' ) flag++;\nif ( version == '12.2(4)B3' ) flag++;\nif ( version == '12.2(4)B4' ) flag++;\nif ( version == '12.2(4)B5' ) flag++;\nif ( version == '12.2(4)B6' ) flag++;\nif ( version == '12.2(4)B7' ) flag++;\nif ( version == '12.2(4)B8' ) flag++;\nif ( version == '12.2(4)BC1' ) flag++;\nif ( version == '12.2(4)BC1a' ) flag++;\nif ( version == '12.2(4)BC1b' ) flag++;\nif ( version == '12.2(4)BW' ) flag++;\nif ( version == '12.2(4)BW1' ) flag++;\nif ( version == '12.2(4)BW1a' ) flag++;\nif ( version == '12.2(4)BW2' ) flag++;\nif ( version == '12.2(4)BZ1' ) flag++;\nif ( version == '12.2(4)BZ2' ) flag++;\nif ( version == '12.2(4)JA' ) flag++;\nif ( version == '12.2(4)JA1' ) flag++;\nif ( version == '12.2(4)MB1' ) flag++;\nif ( version == '12.2(4)MB10' ) flag++;\nif ( version == '12.2(4)MB11' ) flag++;\nif ( version == '12.2(4)MB12' ) flag++;\nif ( version == '12.2(4)MB13' ) flag++;\nif ( version == '12.2(4)MB13a' ) flag++;\nif ( version == '12.2(4)MB13b' ) flag++;\nif ( version == '12.2(4)MB13c' ) flag++;\nif ( version == '12.2(4)MB2' ) flag++;\nif ( version == '12.2(4)MB3' ) flag++;\nif ( version == '12.2(4)MB4' ) flag++;\nif ( version == '12.2(4)MB5' ) flag++;\nif ( version == '12.2(4)MB6' ) flag++;\nif ( version == '12.2(4)MB7' ) flag++;\nif ( version == '12.2(4)MB8' ) flag++;\nif ( version == '12.2(4)MB9' ) flag++;\nif ( version == '12.2(4)MB9a' ) flag++;\nif ( version == '12.2(4)T' ) flag++;\nif ( version == '12.2(4)T1' ) flag++;\nif ( version == '12.2(4)T2' ) flag++;\nif ( version == '12.2(4)T3' ) flag++;\nif ( version == '12.2(4)T5' ) flag++;\nif ( version == '12.2(4)T6' ) flag++;\nif ( version == '12.2(4)T7' ) flag++;\nif ( version == '12.2(4)XF' ) flag++;\nif ( version == '12.2(4)XF1' ) flag++;\nif ( version == '12.2(4)XL' ) flag++;\nif ( version == '12.2(4)XL1' ) flag++;\nif ( version == '12.2(4)XL2' ) flag++;\nif ( version == '12.2(4)XL3' ) flag++;\nif ( version == '12.2(4)XL4' ) flag++;\nif ( version == '12.2(4)XL5' ) flag++;\nif ( version == '12.2(4)XL6' ) flag++;\nif ( version == '12.2(4)XM' ) flag++;\nif ( version == '12.2(4)XM1' ) flag++;\nif ( version == '12.2(4)XM2' ) flag++;\nif ( version == '12.2(4)XM3' ) flag++;\nif ( version == '12.2(4)XM4' ) flag++;\nif ( version == '12.2(4)XR' ) flag++;\nif ( version == '12.2(4)XV' ) flag++;\nif ( version == '12.2(4)XV1' ) flag++;\nif ( version == '12.2(4)XV2' ) flag++;\nif ( version == '12.2(4)XV3' ) flag++;\nif ( version == '12.2(4)XV4' ) flag++;\nif ( version == '12.2(4)XV4a' ) flag++;\nif ( version == '12.2(4)XV5' ) flag++;\nif ( version == '12.2(4)XW' ) flag++;\nif ( version == '12.2(4)YA' ) flag++;\nif ( version == '12.2(4)YA1' ) flag++;\nif ( version == '12.2(4)YA10' ) flag++;\nif ( version == '12.2(4)YA11' ) flag++;\nif ( version == '12.2(4)YA2' ) flag++;\nif ( version == '12.2(4)YA3' ) flag++;\nif ( version == '12.2(4)YA4' ) flag++;\nif ( version == '12.2(4)YA5' ) flag++;\nif ( version == '12.2(4)YA6' ) flag++;\nif ( version == '12.2(4)YA7' ) flag++;\nif ( version == '12.2(4)YA8' ) flag++;\nif ( version == '12.2(4)YA9' ) flag++;\nif ( version == '12.2(4)YB' ) flag++;\nif ( version == '12.2(4)YF' ) flag++;\nif ( version == '12.2(4)YG' ) flag++;\nif ( version == '12.2(4)YH' ) flag++;\nif ( version == '12.2(5)' ) flag++;\nif ( version == '12.2(5)DA' ) flag++;\nif ( version == '12.2(5)DA1' ) flag++;\nif ( version == '12.2(5a)' ) flag++;\nif ( version == '12.2(5b)' ) flag++;\nif ( version == '12.2(5c)' ) flag++;\nif ( version == '12.2(5d)' ) flag++;\nif ( version == '12.2(6)' ) flag++;\nif ( version == '12.2(6a)' ) flag++;\nif ( version == '12.2(6b)' ) flag++;\nif ( version == '12.2(6c)' ) flag++;\nif ( version == '12.2(6c)M1' ) flag++;\nif ( version == '12.2(6d)' ) flag++;\nif ( version == '12.2(6e)' ) flag++;\nif ( version == '12.2(6f)' ) flag++;\nif ( version == '12.2(6g)' ) flag++;\nif ( version == '12.2(6h)' ) flag++;\nif ( version == '12.2(6i)' ) flag++;\nif ( version == '12.2(6j)' ) flag++;\nif ( version == '12.2(7)' ) flag++;\nif ( version == '12.2(7)DA' ) flag++;\nif ( version == '12.2(7a)' ) flag++;\nif ( version == '12.2(7b)' ) flag++;\nif ( version == '12.2(7c)' ) flag++;\nif ( version == '12.2(7e)' ) flag++;\nif ( version == '12.2(7g)' ) flag++;\nif ( version == '12.2(8)BC1' ) flag++;\nif ( version == '12.2(8)BC2' ) flag++;\nif ( version == '12.2(8)BC2a' ) flag++;\nif ( version == '12.2(8)BY' ) flag++;\nif ( version == '12.2(8)BY1' ) flag++;\nif ( version == '12.2(8)BY2' ) flag++;\nif ( version == '12.2(8)JA' ) flag++;\nif ( version == '12.2(8)MC1' ) flag++;\nif ( version == '12.2(8)MC2' ) flag++;\nif ( version == '12.2(8)MC2a' ) flag++;\nif ( version == '12.2(8)MC2b' ) flag++;\nif ( version == '12.2(8)MC2c' ) flag++;\nif ( version == '12.2(8)MC2d' ) flag++;\nif ( version == '12.2(8)T' ) flag++;\nif ( version == '12.2(8)T1' ) flag++;\nif ( version == '12.2(8)T10' ) flag++;\nif ( version == '12.2(8)T2' ) flag++;\nif ( version == '12.2(8)T3' ) flag++;\nif ( version == '12.2(8)T4' ) flag++;\nif ( version == '12.2(8)T5' ) flag++;\nif ( version == '12.2(8)T8' ) flag++;\nif ( version == '12.2(8)TPC10a' ) flag++;\nif ( version == '12.2(8)YD' ) flag++;\nif ( version == '12.2(8)YD1' ) flag++;\nif ( version == '12.2(8)YD2' ) flag++;\nif ( version == '12.2(8)YD3' ) flag++;\nif ( version == '12.2(8)YJ' ) flag++;\nif ( version == '12.2(8)YJ1' ) flag++;\nif ( version == '12.2(8)YL' ) flag++;\nif ( version == '12.2(8)YM' ) flag++;\nif ( version == '12.2(8)YN' ) flag++;\nif ( version == '12.2(8)YN1' ) flag++;\nif ( version == '12.2(8)YW' ) flag++;\nif ( version == '12.2(8)YW1' ) flag++;\nif ( version == '12.2(8)YW2' ) flag++;\nif ( version == '12.2(8)YW3' ) flag++;\nif ( version == '12.2(8)YY' ) flag++;\nif ( version == '12.2(8)YY1' ) flag++;\nif ( version == '12.2(8)YY2' ) flag++;\nif ( version == '12.2(8)YY3' ) flag++;\nif ( version == '12.2(8)YY4' ) flag++;\nif ( version == '12.2(8)ZB' ) flag++;\nif ( version == '12.2(8)ZB1' ) flag++;\nif ( version == '12.2(8)ZB2' ) flag++;\nif ( version == '12.2(8)ZB3' ) flag++;\nif ( version == '12.2(8)ZB4' ) flag++;\nif ( version == '12.2(8)ZB4a' ) flag++;\nif ( version == '12.2(8)ZB5' ) flag++;\nif ( version == '12.2(8)ZB6' ) flag++;\nif ( version == '12.2(8)ZB7' ) flag++;\nif ( version == '12.2(8)ZB8' ) flag++;\nif ( version == '12.2(9)S' ) flag++;\nif ( version == '12.2(9)ZA' ) flag++;\nif ( version == '12.3(1)' ) flag++;\nif ( version == '12.3(10)' ) flag++;\nif ( version == '12.3(10a)' ) flag++;\nif ( version == '12.3(10b)' ) flag++;\nif ( version == '12.3(10c)' ) flag++;\nif ( version == '12.3(10d)' ) flag++;\nif ( version == '12.3(10e)' ) flag++;\nif ( version == '12.3(10f)' ) flag++;\nif ( version == '12.3(11)JX' ) flag++;\nif ( version == '12.3(11)JX1' ) flag++;\nif ( version == '12.3(11)T' ) flag++;\nif ( version == '12.3(11)T10' ) flag++;\nif ( version == '12.3(11)T2' ) flag++;\nif ( version == '12.3(11)T3' ) flag++;\nif ( version == '12.3(11)T4' ) flag++;\nif ( version == '12.3(11)T5' ) flag++;\nif ( version == '12.3(11)T6' ) flag++;\nif ( version == '12.3(11)T7' ) flag++;\nif ( version == '12.3(11)T8' ) flag++;\nif ( version == '12.3(11)T9' ) flag++;\nif ( version == '12.3(11)XL' ) flag++;\nif ( version == '12.3(11)XL1' ) flag++;\nif ( version == '12.3(11)YF' ) flag++;\nif ( version == '12.3(11)YF1' ) flag++;\nif ( version == '12.3(11)YF2' ) flag++;\nif ( version == '12.3(11)YF3' ) flag++;\nif ( version == '12.3(11)YF4' ) flag++;\nif ( version == '12.3(11)YJ' ) flag++;\nif ( version == '12.3(11)YK' ) flag++;\nif ( version == '12.3(11)YK1' ) flag++;\nif ( version == '12.3(11)YK2' ) flag++;\nif ( version == '12.3(11)YS' ) flag++;\nif ( version == '12.3(11)YS1' ) flag++;\nif ( version == '12.3(11)YZ' ) flag++;\nif ( version == '12.3(11)YZ1' ) flag++;\nif ( version == '12.3(12)' ) flag++;\nif ( version == '12.3(12a)' ) flag++;\nif ( version == '12.3(12b)' ) flag++;\nif ( version == '12.3(12c)' ) flag++;\nif ( version == '12.3(12d)' ) flag++;\nif ( version == '12.3(12e)' ) flag++;\nif ( version == '12.3(13)' ) flag++;\nif ( version == '12.3(13a)' ) flag++;\nif ( version == '12.3(13a)BC' ) flag++;\nif ( version == '12.3(13a)BC1' ) flag++;\nif ( version == '12.3(13a)BC2' ) flag++;\nif ( version == '12.3(13a)BC3' ) flag++;\nif ( version == '12.3(13a)BC4' ) flag++;\nif ( version == '12.3(13a)BC5' ) flag++;\nif ( version == '12.3(13a)BC6' ) flag++;\nif ( version == '12.3(13b)' ) flag++;\nif ( version == '12.3(14)T' ) flag++;\nif ( version == '12.3(14)T1' ) flag++;\nif ( version == '12.3(14)T2' ) flag++;\nif ( version == '12.3(14)T3' ) flag++;\nif ( version == '12.3(14)T5' ) flag++;\nif ( version == '12.3(14)T6' ) flag++;\nif ( version == '12.3(14)T7' ) flag++;\nif ( version == '12.3(14)YM2' ) flag++;\nif ( version == '12.3(14)YM3' ) flag++;\nif ( version == '12.3(14)YM4' ) flag++;\nif ( version == '12.3(14)YM5' ) flag++;\nif ( version == '12.3(14)YM6' ) flag++;\nif ( version == '12.3(14)YM7' ) flag++;\nif ( version == '12.3(14)YQ' ) flag++;\nif ( version == '12.3(14)YQ1' ) flag++;\nif ( version == '12.3(14)YQ2' ) flag++;\nif ( version == '12.3(14)YQ3' ) flag++;\nif ( version == '12.3(14)YQ4' ) flag++;\nif ( version == '12.3(14)YQ5' ) flag++;\nif ( version == '12.3(14)YQ6' ) flag++;\nif ( version == '12.3(14)YQ7' ) flag++;\nif ( version == '12.3(14)YQ8' ) flag++;\nif ( version == '12.3(14)YT' ) flag++;\nif ( version == '12.3(14)YT1' ) flag++;\nif ( version == '12.3(14)YU' ) flag++;\nif ( version == '12.3(14)YU1' ) flag++;\nif ( version == '12.3(14)YX' ) flag++;\nif ( version == '12.3(14)YX1' ) flag++;\nif ( version == '12.3(14)YX2' ) flag++;\nif ( version == '12.3(14)YX3' ) flag++;\nif ( version == '12.3(15)' ) flag++;\nif ( version == '12.3(15a)' ) flag++;\nif ( version == '12.3(15b)' ) flag++;\nif ( version == '12.3(16)' ) flag++;\nif ( version == '12.3(16a)' ) flag++;\nif ( version == '12.3(17)' ) flag++;\nif ( version == '12.3(17a)' ) flag++;\nif ( version == '12.3(17a)BC' ) flag++;\nif ( version == '12.3(17a)BC1' ) flag++;\nif ( version == '12.3(17a)BC2' ) flag++;\nif ( version == '12.3(17b)' ) flag++;\nif ( version == '12.3(18)' ) flag++;\nif ( version == '12.3(19)' ) flag++;\nif ( version == '12.3(1a)' ) flag++;\nif ( version == '12.3(1a)B' ) flag++;\nif ( version == '12.3(1a)BW' ) flag++;\nif ( version == '12.3(2)JA' ) flag++;\nif ( version == '12.3(2)JA1' ) flag++;\nif ( version == '12.3(2)JA2' ) flag++;\nif ( version == '12.3(2)JA5' ) flag++;\nif ( version == '12.3(2)JA6' ) flag++;\nif ( version == '12.3(2)JK' ) flag++;\nif ( version == '12.3(2)JK1' ) flag++;\nif ( version == '12.3(2)JL' ) flag++;\nif ( version == '12.3(2)T' ) flag++;\nif ( version == '12.3(2)T1' ) flag++;\nif ( version == '12.3(2)T2' ) flag++;\nif ( version == '12.3(2)T3' ) flag++;\nif ( version == '12.3(2)T4' ) flag++;\nif ( version == '12.3(2)T5' ) flag++;\nif ( version == '12.3(2)T6' ) flag++;\nif ( version == '12.3(2)T7' ) flag++;\nif ( version == '12.3(2)T8' ) flag++;\nif ( version == '12.3(2)T9' ) flag++;\nif ( version == '12.3(2)XA' ) flag++;\nif ( version == '12.3(2)XA1' ) flag++;\nif ( version == '12.3(2)XA2' ) flag++;\nif ( version == '12.3(2)XA3' ) flag++;\nif ( version == '12.3(2)XA4' ) flag++;\nif ( version == '12.3(2)XA5' ) flag++;\nif ( version == '12.3(2)XB' ) flag++;\nif ( version == '12.3(2)XB1' ) flag++;\nif ( version == '12.3(2)XB3' ) flag++;\nif ( version == '12.3(2)XC' ) flag++;\nif ( version == '12.3(2)XC1' ) flag++;\nif ( version == '12.3(2)XC2' ) flag++;\nif ( version == '12.3(2)XC3' ) flag++;\nif ( version == '12.3(2)XC4' ) flag++;\nif ( version == '12.3(2)XE' ) flag++;\nif ( version == '12.3(2)XE1' ) flag++;\nif ( version == '12.3(2)XE2' ) flag++;\nif ( version == '12.3(2)XE3' ) flag++;\nif ( version == '12.3(2)XE4' ) flag++;\nif ( version == '12.3(2)XF' ) flag++;\nif ( version == '12.3(2)XZ' ) flag++;\nif ( version == '12.3(2)XZ1' ) flag++;\nif ( version == '12.3(2)XZ2' ) flag++;\nif ( version == '12.3(20)' ) flag++;\nif ( version == '12.3(3)' ) flag++;\nif ( version == '12.3(3)B' ) flag++;\nif ( version == '12.3(3)B1' ) flag++;\nif ( version == '12.3(3a)' ) flag++;\nif ( version == '12.3(3b)' ) flag++;\nif ( version == '12.3(3c)' ) flag++;\nif ( version == '12.3(3e)' ) flag++;\nif ( version == '12.3(3f)' ) flag++;\nif ( version == '12.3(3g)' ) flag++;\nif ( version == '12.3(3h)' ) flag++;\nif ( version == '12.3(3i)' ) flag++;\nif ( version == '12.3(4)JA' ) flag++;\nif ( version == '12.3(4)JA1' ) flag++;\nif ( version == '12.3(4)JA2' ) flag++;\nif ( version == '12.3(4)T' ) flag++;\nif ( version == '12.3(4)T1' ) flag++;\nif ( version == '12.3(4)T10' ) flag++;\nif ( version == '12.3(4)T11' ) flag++;\nif ( version == '12.3(4)T2' ) flag++;\nif ( version == '12.3(4)T2a' ) flag++;\nif ( version == '12.3(4)T3' ) flag++;\nif ( version == '12.3(4)T4' ) flag++;\nif ( version == '12.3(4)T6' ) flag++;\nif ( version == '12.3(4)T7' ) flag++;\nif ( version == '12.3(4)T8' ) flag++;\nif ( version == '12.3(4)T9' ) flag++;\nif ( version == '12.3(4)TPC11a' ) flag++;\nif ( version == '12.3(4)XD' ) flag++;\nif ( version == '12.3(4)XD1' ) flag++;\nif ( version == '12.3(4)XD2' ) flag++;\nif ( version == '12.3(4)XD3' ) flag++;\nif ( version == '12.3(4)XD4' ) flag++;\nif ( version == '12.3(4)XG' ) flag++;\nif ( version == '12.3(4)XG1' ) flag++;\nif ( version == '12.3(4)XG2' ) flag++;\nif ( version == '12.3(4)XG3' ) flag++;\nif ( version == '12.3(4)XG4' ) flag++;\nif ( version == '12.3(4)XG5' ) flag++;\nif ( version == '12.3(4)XK' ) flag++;\nif ( version == '12.3(4)XK1' ) flag++;\nif ( version == '12.3(4)XK2' ) flag++;\nif ( version == '12.3(4)XK3' ) flag++;\nif ( version == '12.3(4)XK4' ) flag++;\nif ( version == '12.3(4)XQ' ) flag++;\nif ( version == '12.3(4)XQ1' ) flag++;\nif ( version == '12.3(5)' ) flag++;\nif ( version == '12.3(5a)' ) flag++;\nif ( version == '12.3(5a)B' ) flag++;\nif ( version == '12.3(5a)B1' ) flag++;\nif ( version == '12.3(5a)B2' ) flag++;\nif ( version == '12.3(5a)B3' ) flag++;\nif ( version == '12.3(5a)B4' ) flag++;\nif ( version == '12.3(5a)B5' ) flag++;\nif ( version == '12.3(5b)' ) flag++;\nif ( version == '12.3(5c)' ) flag++;\nif ( version == '12.3(5d)' ) flag++;\nif ( version == '12.3(5e)' ) flag++;\nif ( version == '12.3(5f)' ) flag++;\nif ( version == '12.3(6)' ) flag++;\nif ( version == '12.3(6a)' ) flag++;\nif ( version == '12.3(6b)' ) flag++;\nif ( version == '12.3(6c)' ) flag++;\nif ( version == '12.3(6e)' ) flag++;\nif ( version == '12.3(6f)' ) flag++;\nif ( version == '12.3(7)JA' ) flag++;\nif ( version == '12.3(7)JA1' ) flag++;\nif ( version == '12.3(7)JA2' ) flag++;\nif ( version == '12.3(7)JA3' ) flag++;\nif ( version == '12.3(7)JA4' ) flag++;\nif ( version == '12.3(7)T' ) flag++;\nif ( version == '12.3(7)T1' ) flag++;\nif ( version == '12.3(7)T10' ) flag++;\nif ( version == '12.3(7)T11' ) flag++;\nif ( version == '12.3(7)T12' ) flag++;\nif ( version == '12.3(7)T2' ) flag++;\nif ( version == '12.3(7)T3' ) flag++;\nif ( version == '12.3(7)T4' ) flag++;\nif ( version == '12.3(7)T6' ) flag++;\nif ( version == '12.3(7)T7' ) flag++;\nif ( version == '12.3(7)T8' ) flag++;\nif ( version == '12.3(7)T9' ) flag++;\nif ( version == '12.3(7)XI1' ) flag++;\nif ( version == '12.3(7)XI1b' ) flag++;\nif ( version == '12.3(7)XI1c' ) flag++;\nif ( version == '12.3(7)XI2' ) flag++;\nif ( version == '12.3(7)XI2a' ) flag++;\nif ( version == '12.3(7)XI3' ) flag++;\nif ( version == '12.3(7)XI4' ) flag++;\nif ( version == '12.3(7)XI5' ) flag++;\nif ( version == '12.3(7)XI6' ) flag++;\nif ( version == '12.3(7)XI7' ) flag++;\nif ( version == '12.3(7)XI7a' ) flag++;\nif ( version == '12.3(7)XI7b' ) flag++;\nif ( version == '12.3(7)XI8' ) flag++;\nif ( version == '12.3(7)XJ' ) flag++;\nif ( version == '12.3(7)XJ1' ) flag++;\nif ( version == '12.3(7)XJ2' ) flag++;\nif ( version == '12.3(7)XR' ) flag++;\nif ( version == '12.3(7)XR2' ) flag++;\nif ( version == '12.3(7)XR3' ) flag++;\nif ( version == '12.3(7)XR4' ) flag++;\nif ( version == '12.3(7)XR5' ) flag++;\nif ( version == '12.3(7)XR6' ) flag++;\nif ( version == '12.3(7)XS' ) flag++;\nif ( version == '12.3(7)XS1' ) flag++;\nif ( version == '12.3(7)XS2' ) flag++;\nif ( version == '12.3(8)JA' ) flag++;\nif ( version == '12.3(8)JA1' ) flag++;\nif ( version == '12.3(8)JA2' ) flag++;\nif ( version == '12.3(8)T' ) flag++;\nif ( version == '12.3(8)T1' ) flag++;\nif ( version == '12.3(8)T10' ) flag++;\nif ( version == '12.3(8)T11' ) flag++;\nif ( version == '12.3(8)T3' ) flag++;\nif ( version == '12.3(8)T4' ) flag++;\nif ( version == '12.3(8)T5' ) flag++;\nif ( version == '12.3(8)T6' ) flag++;\nif ( version == '12.3(8)T7' ) flag++;\nif ( version == '12.3(8)T8' ) flag++;\nif ( version == '12.3(8)T9' ) flag++;\nif ( version == '12.3(8)XU' ) flag++;\nif ( version == '12.3(8)XU1' ) flag++;\nif ( version == '12.3(8)XU2' ) flag++;\nif ( version == '12.3(8)XU3' ) flag++;\nif ( version == '12.3(8)XU4' ) flag++;\nif ( version == '12.3(8)XU5' ) flag++;\nif ( version == '12.3(8)XW' ) flag++;\nif ( version == '12.3(8)XW1' ) flag++;\nif ( version == '12.3(8)XW2' ) flag++;\nif ( version == '12.3(8)XW3' ) flag++;\nif ( version == '12.3(8)XX' ) flag++;\nif ( version == '12.3(8)XX1' ) flag++;\nif ( version == '12.3(8)XY' ) flag++;\nif ( version == '12.3(8)XY1' ) flag++;\nif ( version == '12.3(8)XY2' ) flag++;\nif ( version == '12.3(8)XY3' ) flag++;\nif ( version == '12.3(8)XY4' ) flag++;\nif ( version == '12.3(8)XY5' ) flag++;\nif ( version == '12.3(8)XY6' ) flag++;\nif ( version == '12.3(8)XY7' ) flag++;\nif ( version == '12.3(8)YA' ) flag++;\nif ( version == '12.3(8)YA1' ) flag++;\nif ( version == '12.3(8)YD' ) flag++;\nif ( version == '12.3(8)YD1' ) flag++;\nif ( version == '12.3(8)YG' ) flag++;\nif ( version == '12.3(8)YG1' ) flag++;\nif ( version == '12.3(8)YG2' ) flag++;\nif ( version == '12.3(8)YG3' ) flag++;\nif ( version == '12.3(8)YG4' ) flag++;\nif ( version == '12.3(8)YG5' ) flag++;\nif ( version == '12.3(8)YH' ) flag++;\nif ( version == '12.3(8)YI1' ) flag++;\nif ( version == '12.3(8)YI2' ) flag++;\nif ( version == '12.3(8)YI3' ) flag++;\nif ( version == '12.3(8)ZA' ) flag++;\nif ( version == '12.3(9)' ) flag++;\nif ( version == '12.3(9a)' ) flag++;\nif ( version == '12.3(9a)BC' ) flag++;\nif ( version == '12.3(9a)BC1' ) flag++;\nif ( version == '12.3(9a)BC2' ) flag++;\nif ( version == '12.3(9a)BC3' ) flag++;\nif ( version == '12.3(9a)BC4' ) flag++;\nif ( version == '12.3(9a)BC5' ) flag++;\nif ( version == '12.3(9a)BC6' ) flag++;\nif ( version == '12.3(9a)BC7' ) flag++;\nif ( version == '12.3(9a)BC8' ) flag++;\nif ( version == '12.3(9a)BC9' ) flag++;\nif ( version == '12.3(9b)' ) flag++;\nif ( version == '12.3(9c)' ) flag++;\nif ( version == '12.3(9d)' ) flag++;\nif ( version == '12.3(9e)' ) flag++;\nif ( version == '12.4(1)' ) flag++;\nif ( version == '12.4(1a)' ) flag++;\nif ( version == '12.4(1b)' ) flag++;\nif ( version == '12.4(1c)' ) flag++;\nif ( version == '12.4(2)MR' ) flag++;\nif ( version == '12.4(2)MR1' ) flag++;\nif ( version == '12.4(2)T' ) flag++;\nif ( version == '12.4(2)T1' ) flag++;\nif ( version == '12.4(2)T2' ) flag++;\nif ( version == '12.4(2)T3' ) flag++;\nif ( version == '12.4(2)T4' ) flag++;\nif ( version == '12.4(2)T5' ) flag++;\nif ( version == '12.4(2)XA' ) flag++;\nif ( version == '12.4(2)XA1' ) flag++;\nif ( version == '12.4(2)XA2' ) flag++;\nif ( version == '12.4(2)XB' ) flag++;\nif ( version == '12.4(2)XB1' ) flag++;\nif ( version == '12.4(2)XB2' ) flag++;\nif ( version == '12.4(3)' ) flag++;\nif ( version == '12.4(3a)' ) flag++;\nif ( version == '12.4(3b)' ) flag++;\nif ( version == '12.4(3c)' ) flag++;\nif ( version == '12.4(3d)' ) flag++;\nif ( version == '12.4(3e)' ) flag++;\nif ( version == '12.4(4)MR' ) flag++;\nif ( version == '12.4(4)MR1' ) flag++;\nif ( version == '12.4(4)T' ) flag++;\nif ( version == '12.4(4)T1' ) flag++;\nif ( version == '12.4(4)T2' ) flag++;\nif ( version == '12.4(4)T3' ) flag++;\nif ( version == '12.4(4)T4' ) flag++;\nif ( version == '12.4(4)XC' ) flag++;\nif ( version == '12.4(4)XC1' ) flag++;\nif ( version == '12.4(4)XC2' ) flag++;\nif ( version == '12.4(4)XC3' ) flag++;\nif ( version == '12.4(4)XC4' ) flag++;\nif ( version == '12.4(4)XD' ) flag++;\nif ( version == '12.4(4)XD1' ) flag++;\nif ( version == '12.4(4)XD2' ) flag++;\nif ( version == '12.4(5)' ) flag++;\nif ( version == '12.4(5a)' ) flag++;\nif ( version == '12.4(5b)' ) flag++;\nif ( version == '12.4(6)MR' ) flag++;\nif ( version == '12.4(6)MR1' ) flag++;\nif ( version == '12.4(6)T' ) flag++;\nif ( version == '12.4(6)T1' ) flag++;\nif ( version == '12.4(6)T2' ) flag++;\nif ( version == '12.4(6)T3' ) flag++;\nif ( version == '12.4(6)XE' ) flag++;\nif ( version == '12.4(6)XE1' ) flag++;\nif ( version == '12.4(7)' ) flag++;\nif ( version == '12.4(7a)' ) flag++;\nif ( version == '12.4(7b)' ) flag++;\nif ( version == '12.4(8)' ) flag++;\nif ( version == '12.4(8a)' ) flag++;\nif ( version == '12.4(9)T' ) flag++;\nif (get_kb_item(\"Host/local_checks_enabled\"))\n{\n if (flag)\n {\n flag = 0;\n buf = cisco_command_kb_item(\"Host/Cisco/Config/show_snmp_group\", \"show snmp group\");\n if (check_cisco_result(buf))\n {\n if (preg(pattern:\"[Ss]ecurity\\s+[Mm]odel:v3\", multiline:TRUE, string:buf)) { flag = 1; }\n } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }\n }\n}\n\n\nif (flag)\n{\n security_hole(port:0, extra:cisco_caveat(override));\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:05", "bulletinFamily": "scanner", "description": "A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could use this flaw to spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n\nA buffer overflow was found in the Perl bindings for Net-SNMP. This could be exploited if an attacker could convince an application using the Net-SNMP Perl module to connect to a malicious SNMP agent.\n(CVE-2008-2292)", "modified": "2019-01-07T00:00:00", "id": "SL_20080610_NET_SNMP_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60419", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60419);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2008-0960\", \"CVE-2008-2292\");\n\n script_name(english:\"Scientific Linux Security Update : net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way Net-SNMP checked an SNMPv3 packet's\nKeyed-Hash Message Authentication Code (HMAC). An attacker could use\nthis flaw to spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n\nA buffer overflow was found in the Perl bindings for Net-SNMP. This\ncould be exploited if an attacker could convince an application using\nthe Net-SNMP Perl module to connect to a malicious SNMP agent.\n(CVE-2008-2292)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0806&L=scientific-linux-errata&T=0&P=991\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?638c7a60\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"net-snmp-5.0.9-2.30E.24\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"net-snmp-devel-5.0.9-2.30E.24\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"net-snmp-libs-5.0.9-2.30E.24\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"net-snmp-perl-5.0.9-2.30E.24\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"net-snmp-utils-5.0.9-2.30E.24\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"net-snmp-5.1.2-11.el4_6.11.3\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"net-snmp-devel-5.1.2-11.el4_6.11.3\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"net-snmp-libs-5.1.2-11.el4_6.11.3\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"net-snmp-perl-5.1.2-11.el4_6.11.3\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"net-snmp-utils-5.1.2-11.el4_6.11.3\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"net-snmp-5.3.1-24.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"net-snmp-devel-5.3.1-24.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"net-snmp-libs-5.3.1-24.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"net-snmp-perl-5.3.1-24.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"net-snmp-utils-5.3.1-24.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:59", "bulletinFamily": "scanner", "description": "- Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-18\n\n - explicitly require lm_sensor > 3 for build (#442718)\n\n - fix various flaws (CVE-2008-2292 CVE-2008-0960)\n\n - Sat May 31 2008 Dennis Gilmore <dennis at ausil.us> 5.4.1-17\n\n - fix sparc handling in /usr/bin/net-snmp-config\n\n - Thu May 29 2008 Dennis Gilmore <dennis at ausil.us> 5.4.1-16\n\n - fix /usr/include/net-snmp-config.h for sparc\n\n - Sun May 25 2008 Dennis Gilmore <dennis at ausil.us> 5.4.1-15\n\n - sparc multilib handling\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2008-5215.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33146", "published": "2008-06-12T00:00:00", "title": "Fedora 9 : net-snmp-5.4.1-18.fc9 (2008-5215)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-5215.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33146);\n script_version (\"1.26\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2008-0960\", \"CVE-2008-2292\");\n script_bugtraq_id(29212, 29623);\n script_xref(name:\"FEDORA\", value:\"2008-5215\");\n\n script_name(english:\"Fedora 9 : net-snmp-5.4.1-18.fc9 (2008-5215)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com>\n 5.4.1-18\n\n - explicitly require lm_sensor > 3 for build (#442718)\n\n - fix various flaws (CVE-2008-2292 CVE-2008-0960)\n\n - Sat May 31 2008 Dennis Gilmore <dennis at ausil.us>\n 5.4.1-17\n\n - fix sparc handling in /usr/bin/net-snmp-config\n\n - Thu May 29 2008 Dennis Gilmore <dennis at ausil.us>\n 5.4.1-16\n\n - fix /usr/include/net-snmp-config.h for sparc\n\n - Sun May 25 2008 Dennis Gilmore <dennis at ausil.us>\n 5.4.1-15\n\n - sparc multilib handling\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=447262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=447974\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9983b0e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"net-snmp-5.4.1-18.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:57", "bulletinFamily": "unix", "description": "The Simple Network Management Protocol (SNMP) is a protocol used for\nnetwork management.\n\nA flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash\nMessage Authentication Code (HMAC). An attacker could use this flaw to\nspoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n\nAll users of ucd-snmp should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.", "modified": "2018-03-14T19:27:21", "published": "2008-06-10T04:00:00", "id": "RHSA-2008:0528", "href": "https://access.redhat.com/errata/RHSA-2008:0528", "type": "redhat", "title": "(RHSA-2008:0528) Moderate: ucd-snmp security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:23", "bulletinFamily": "unix", "description": "The Simple Network Management Protocol (SNMP) is a protocol used for\r\nnetwork management.\r\n\r\nA flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash\r\nMessage Authentication Code (HMAC). An attacker could use this flaw to\r\nspoof an authenticated SNMPv3 packet. (CVE-2008-0960)\r\n\r\nA buffer overflow was found in the Perl bindings for Net-SNMP. This could\r\nbe exploited if an attacker could convince an application using the\r\nNet-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)\r\n\r\nAll users of net-snmp should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T12:06:30", "published": "2008-06-10T04:00:00", "id": "RHSA-2008:0529", "href": "https://access.redhat.com/errata/RHSA-2008:0529", "type": "redhat", "title": "(RHSA-2008:0529) Moderate: net-snmp security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "\r\n2008/06/09 #2008-006 multiple SNMP implementations HMAC authentication spoofing\r\n\r\nDescription:\r\n\r\nSome SNMP implementations include incomplete HMAC authentication code that\r\nallows spoofing of authenticated SNMPv3 packets.\r\n\r\nThe authentication code reads the length to be checked from sender input,\r\nthis allows the sender to supply single byte HMAC code and have a 1 in 256\r\nchance of matching the correct HMAC and authenticating, as only the first\r\nbyte will be checked. The sender would need to know a valid username.\r\n\r\nCurrently Net-SNMP and UCD-SNMP are known to be vulnerable, other SNMP\r\nimplementations may also be affected. The eCos project includes code derived\r\nfrom UCD-SNMP and is therefore also affected.\r\n\r\nAffected version:\r\n\r\nNet-SNMP &lt;= 5.4.1, &lt;= 5.3.2, &lt;= 5.2.4\r\nUCD-SNMP, all versions\r\neCos, all versions\r\n\r\nFixed version:\r\n\r\nNet-SNMP &gt;= 5.4.1.1, &gt;= 5.3.2.1, &gt;= 5.2.4.1\r\nUCD-SNMP, N/A\r\neCos, N/A\r\n\r\nCredit: this issue was reported by CERT/CC, it is tracked as VU#878044.\r\n\r\nCVE: CVE-2008-0960\r\n\r\nTimeline:\r\n2008-06-05: CERT/CC reports VU#878044 to oCERT requesting joint coordination\r\n2008-06-05: contacted affected vendors\r\n2008-06-06: added eCos to affected packages\r\n2008-06-09: patched net-snmp packages released\r\n2008-06-09: advisory release\r\n\r\nReferences:\r\nhttp://sourceforge.net/forum/forum.php?forum_id=833770\r\nhttp://sourceforge.net/tracker/index.php?func=detail&amp;aid=1989089&amp;group_id=12694&amp;atid=456380\r\nhttp://www.kb.cert.org/vuls/id/878044\r\n\r\nLinks:\r\nhttp://www.net-snmp.org\r\nhttp://www.ece.ucdavis.edu/ucd-snmp\r\nhttp://ecos.sourceware.org\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2008-006.html\r\n\r\n-- \r\nAndrea Barisani | Founder &amp; Project Coordinator\r\n oCERT | Open Source Computer Emergency Response Team\r\n\r\n&lt;lcars@ocert.org&gt; http://www.ocert.org\r\n 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E\r\n &quot;Pluralitas non est ponenda sine necessitate&quot;", "modified": "2008-06-10T00:00:00", "published": "2008-06-10T00:00:00", "id": "SECURITYVULNS:DOC:19997", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19997", "title": "[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: SNMP Version 3 Authentication\r\nVulnerabilities\r\n\r\nDocument ID: 107408\r\n\r\nAdvisory ID: cisco-sa-20080610-snmpv3\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2008 June 10 1600 UTC &#40;GMT&#41;\r\n\r\n- ---------------------------------------------------------------------\r\n\r\nSummary\r\n=======\r\n\r\nMultiple Cisco products contain either of two authentication\r\nvulnerabilities in the Simple Network Management Protocol version 3\r\n&#40;SNMPv3&#41; feature. These vulnerabilities can be exploited when\r\nprocessing a malformed SNMPv3 message. These vulnerabilities could\r\nallow the disclosure of network information or may enable an attacker\r\nto perform configuration changes to vulnerable devices. The SNMP\r\nserver is an optional service that is disabled by default in Cisco\r\nproducts. Only SNMPv3 is impacted by these vulnerabilities.\r\nWorkarounds are available for mitigating the impact of the\r\nvulnerabilities described in this document.\r\n\r\nThe United States Computer Emergency Response Team &#40;US-CERT&#41; has\r\nassigned Vulnerability Note VU#878044 to these vulnerabilities.\r\n\r\nCommon Vulnerabilities and Exposures &#40;CVE&#41; identifier CVE-2008-0960\r\nhas also been assigned to these vulnerabilities.\r\n\r\nThis advisory is posted at\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml\r\n\r\nAffected Products\r\n=================\r\n\r\nVulnerable Products\r\n+------------------\r\n\r\nThe following Cisco products are vulnerable.\r\n\r\n * Cisco IOS\r\n * Cisco IOS-XR\r\n * Cisco Catalyst Operating System &#40;CatOS&#41;\r\n * Cisco NX-OS\r\n * Cisco Application Control Engine &#40;ACE&#41; Module\r\n * Cisco ACE Appliance\r\n * Cisco ACE XML Gateway\r\n * Cisco MDS 9000 Series Multilayer Fabric Switches\r\n\r\nNote: The SNMP server is disabled by default. These vulnerabilities\r\nonly impact devices that are configured for SNMPv3.\r\n\r\nTo determine the version of SNMP configured in Cisco IOS, CatOS and\r\nIOS-XR, log in to the device and issue the show snmp group command.\r\nThe security model field indicates the version of SNMP configured.\r\nThe output &quot;usm&quot; is the abbreviation for user-based security model\r\nand this indicates SNMPv3 is configured.\r\n\r\n Cisco IOS\r\n router#show snmp group\r\n groupname: test security model:v3 noauth \r\n readview : v1default writeview: &lt;no writeview specified&gt; \r\n notifyview: &lt;no notifyview specified&gt; \r\n row status: active\r\n \r\n Cisco CatOS\r\n 5500-1 &#40;enable&#41; show snmp group\r\n Security Model: v3\r\n Security Name: userv3\r\n Group Name: groupv3\r\n Storage Type: nonvolatile\r\n Row Status: active\r\n \r\n Cisco IOS-XR\r\n RP/0/RP0/CPU0:ios#show snmp group\r\n groupname: test security model:usm\r\n readview : v1default writeview: -\r\n notifyview: v1default\r\n row status: nonVolatile \r\n \r\n\r\nIronPort\r\n+-------\r\n\r\nIronPort C-Series, X-Series, and M-Series appliances utilize code\r\ncovered by this advisory, but are not susceptible to any security\r\nrisk. IronPort C-Series, X-Series, and M-Series incorporate the\r\nlibraries under the advisory to provide anonymous read-only access to\r\nsystem health data. There is no risk of escalated authorization\r\nprivileges allowing a 3rd party to make any configuration changes to\r\nthe IronPort devices. IronPort S-Series and Encryption Appliances are\r\nnot affected by this advisory. This announcement has also been posted\r\non the IronPort Support Portal, available to IronPort customers: \r\n\r\nhttps://supportportal.ironport.com/irppcnctr/srvcd?u=http://secure-support.soma.ironport.com/announcement&amp;sid=900016 \r\n\r\nProducts Confirmed Not Vulnerable\r\n+--------------------------------\r\n\r\nThe following Cisco products are confirmed not vulnerable:\r\n\r\n * Cisco PIX Security Appliances\r\n * Cisco ASA Security Appliances\r\n * Cisco Firewall Services Module &#40;FWSM&#41;\r\n * Cisco Security Monitoring, Analysis, and Response System &#40;MARS&#41;\r\n * Cisco Network Admission Control &#40;NAC&#41; Appliance\r\n * CiscoWorks Wireless LAN Solution Engine &#40;WLSE&#41;\r\n\r\nNo other Cisco products are currently known to be affected by these\r\nvulnerabilities.\r\n\r\nDetails\r\n=======\r\n\r\nSNMP defines a standard mechanism for remote management and\r\nmonitoring of devices in an Internet Protocol &#40;IP&#41; network.\r\n\r\nThere are three general types of SNMP operations: &quot;get&quot; requests to\r\nrequest information, &quot;set&quot; requests that modify the configuration of\r\na remote device, and &quot;trap&quot; messages that provide a monitoring\r\nfunction. SNMP requests and traps are transported over User Datagram\r\nProtocol &#40;UDP&#41; and are received at the assigned destination port\r\nnumbers 161 and 162, respectively.\r\n\r\nSNMPv3 provides secure access to devices by authenticating and\r\nencrypting packets over the network. RFC2574 defines\r\nthe use of HMAC-MD5-96 and HMAC-SHA-96 as the possible authentication\r\nprotocols for SNMPv3.\r\n\r\nVulnerabilities have been identified in the authentication code of\r\nmultiple SNMPv3 implementations. This advisory identifies two\r\nvulnerabilities that are almost identical. Both are specifically\r\nrelated to malformed SNMPv3 packets that manipulate the Hash Message\r\nAuthentication Code &#40;HMAC&#41;. The two vulnerabilities may impact both\r\nSecure Hashing Algorithm-1 &#40;SHA-1&#41; and Message-Digest Algorithm 5\r\n&#40;MD5&#41;. The vulnerabilities described in this document can be\r\nsuccessfully exploited using spoofed SNMPv3 packets.\r\n\r\nThese vulnerabilities are documented in the following Cisco Bug IDs:\r\n\r\n * CSCsf04754 - IOS SNMPv3 HMAC Authentication issue \r\n * CSCsf30109 - IOS-XR SNMPv3 HMAC Authentication issue \r\n * CSCsf29976 - CatOS SNMPv3 HMAC Authentication issue \r\n * CSCsq62662 - ACE XML Gw SNMPv3 HMAC Authentication issue\r\n * CSCsq60664 - ACE Appliance SNMPv3 HMAC Authentication issue\r\n * CSCsq60695 - ACE Module SNMPv3 HMAC Authentication issue\r\n * CSCsq60582 - Nexus SNMPv3 HMAC Authentication issue\r\n\r\nNote: Although multiple software defects are listed, this advisory\r\nonly identifies two vulnerabilities. Because different Cisco products\r\nrequire their own fixes, additional Bug IDs have been assigned.\r\n\r\nVulnerability Scoring Details\r\n=============================\r\n\r\nCisco has provided scores for the vulnerabilities in this advisory\r\nbased on the Common Vulnerability Scoring System &#40;CVSS&#41;. The CVSS\r\nscoring in this Security Advisory is done in accordance with CVSS\r\nversion 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of\r\nthe vulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding\r\nCVSS at\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\nCSCsf04754 - IOS SNMPv3 HMAC Authentication issue\r\n- -----------------------------------------------------\r\n\r\nCVSS Base Score - 10\r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.3\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\n\r\nCSCsf30109 - IOS-XR SNMPv3 HMAC Authentication issue\r\n- --------------------------------------------------------\r\n\r\nCVSS Base Score - 10\r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.3\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\n\r\nCSCsf29976 - CatOS SNMPv3 HMAC Authentication issue\r\n- -------------------------------------------------------\r\n\r\nCVSS Base Score - 10\r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.3\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\n\r\nCSCsq62662 - ACE XML Gw SNMPv3 HMAC Authentication issue\r\n- ------------------------------------------------------------\r\n\r\nCVSS Base Score - 9.3\r\n\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 7.7\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\n\r\nCSCsq60664 - ACE Appliance SNMPv3 HMAC Authentication issue\r\n- ---------------------------------------------------------------\r\n\r\nCVSS Base Score - 9.3\r\n\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.4\r\n\r\n Exploitability - Functional\r\n Remediation Level - Workaround\r\n Report Confidence - Confirmed\r\n\r\n\r\n\r\nCSCsq60695 - ACE Module SNMPv3 HMAC Authentication issue\r\n- ------------------------------------------------------------\r\n\r\nCVSS Base Score - 9.3\r\n\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.4\r\n\r\n Exploitability - Functional\r\n Remediation Level - Workaround\r\n Report Confidence - Confirmed\r\n\r\n\r\n\r\nCSCsq60582 - Nexus SNMPv3 HMAC Authentication issue\r\n- -------------------------------------------------------\r\n\r\nCVSS Base Score - 9.3\r\n\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.4\r\n\r\n Exploitability - Functional\r\n Remediation Level - Workaround\r\n Report Confidence - Confirmed\r\n\r\n\r\nImpact\r\n======\r\n\r\nSuccessful exploitation of these vulnerabilities could result in the\r\ndisclosure of sensitive information on a device or allow an attacker\r\nto make configuration changes to a vulnerable device that is based on\r\nthe SNMP configuration.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nWhen considering software upgrades, also consult\r\nhttp://www.cisco.com/go/psirt and any subsequent advisories to\r\ndetermine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should exercise caution to be certain the\r\ndevices to be upgraded contain sufficient memory and that current\r\nhardware and software configurations will continue to be supported\r\nproperly by the new release. If the information is not clear, contact\r\nthe Cisco Technical Assistance Center &#40;TAC&#41; or your contracted\r\nmaintenance provider for assistance.\r\n\r\nEach row of the Cisco IOS software table &#40;below&#41; names a Cisco IOS\r\nrelease train. If a given release train is vulnerable, then the\r\nearliest possible releases that contain the fix &#40;along with the\r\nanticipated date of availability for each, if applicable&#41; are listed\r\nin the &quot;First Fixed Release&quot; column of the table. The &quot;Recommended\r\nRelease&quot; column indicates the releases which have fixes for all the\r\npublished vulnerabilities at the time of this Advisory. A device\r\nrunning a release in the given train that is earlier than the release\r\nin a specific column &#40;less than the First Fixed Release&#41; is known to\r\nbe vulnerable. Cisco recommends upgrading to a release equal to or\r\nlater than the release in the &quot;Recommended Releases&quot; column of the\r\ntable.\r\n\r\n+----------------------------------------+\r\n| Major | Availability of Repaired |\r\n| Release | Releases |\r\n|------------+---------------------------|\r\n| Affected | First Fixed | Recommended |\r\n| 12.0-Based | Release | Release |\r\n| Releases | | |\r\n|------------+-------------+-------------|\r\n| 12.0 | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0DA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0DB | 12.0&#40;2&#41;DB | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0DC | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | 12.0&#40;28&#41;S1 | |\r\n| | | |\r\n| 12.0S | 12.0&#40;32&#41;S5 | |\r\n| | | |\r\n| | 12.0&#40;33&#41;S | |\r\n|------------+-------------+-------------|\r\n| 12.0SC | 12.0&#40;7&#41;SC | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0SL | first fixed | |\r\n| | in 12.0S | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0SP | first fixed | |\r\n| | in 12.0S | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0ST | first fixed | |\r\n| | in 12.0S | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0SX | first fixed | |\r\n| | in 12.0S | |\r\n|------------+-------------+-------------|\r\n| 12.0SY | 12.0&#40;32&#41;SY1 | |\r\n|------------+-------------+-------------|\r\n| 12.0SZ | 12.0&#40;30&#41;SZ4 | |\r\n|------------+-------------+-------------|\r\n| 12.0T | 12.0&#40;1&#41;T | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| 12.0W | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0WC | 12.0&#40;5&#41;WC16 | |\r\n|------------+-------------+-------------|\r\n| 12.0WT | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0XA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0XB | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0XC | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0XD | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.0XE | 12.0&#40;1&#41;XE | |\r\n|------------+-------------+-------------|\r\n| 12.0XF | 12.0&#40;2&#41;XF1 | 12.0&#40;2&#41;XF |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XG | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XH | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Releases | |\r\n| | prior to | |\r\n| | 12.0&#40;4&#41;XI2 | |\r\n| | are | |\r\n| | vulnerable, | |\r\n| 12.0XI | release | 12.4&#40;18b&#41; |\r\n| | 12.0&#40;4&#41;XI2 | |\r\n| | and later | |\r\n| | are not | |\r\n| | vulnerable; | |\r\n| | first fixed | |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XJ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XK | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XL | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XM | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.0T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XN | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XQ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.0T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XR | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XS | first fixed | |\r\n| | in 12.1E | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.0XV | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.0T | |\r\n|------------+-------------+-------------|\r\n| 12.0XW | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| Affected | First Fixed | Recommended |\r\n| 12.1-Based | Release | Release |\r\n| Releases | | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1 | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1AA | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1AX | first fixed | |\r\n| | in 12.2EY | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.1&#40;22&#41; |\r\n| 12.1AY | first fixed | EA11 |\r\n| | in 12.1EA | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.1&#40;22&#41; |\r\n| 12.1AZ | first fixed | EA11 |\r\n| | in 12.1EA | |\r\n|------------+-------------+-------------|\r\n| | Releases | |\r\n| | prior to | |\r\n| | 12.1&#40;7&#41;CX | |\r\n| | are | |\r\n| | vulnerable, | |\r\n| 12.1CX | release | 12.4&#40;18b&#41; |\r\n| | 12.1&#40;7&#41;CX | |\r\n| | and later | |\r\n| | are not | |\r\n| | vulnerable; | |\r\n| | first fixed | |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1DA | first fixed | |\r\n| | in 12.2DA | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1DB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1DC | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| 12.1E | 12.1&#40;1&#41;E2 | |\r\n|------------+-------------+-------------|\r\n| 12.1EA | 12.1&#40;22&#41; | 12.1&#40;22&#41; |\r\n| | EA10 | EA11 |\r\n|------------+-------------+-------------|\r\n| 12.1EB | Vulnerable; | |\r\n| | contact TAC | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1EC | first fixed | |\r\n| | in 12.3BC | |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;29&#41; |\r\n| | | SVD1; |\r\n| 12.1EO | 12.1&#40;19&#41;EO6 | Available |\r\n| | | on |\r\n| | | 13-JUN-2008 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;25&#41; |\r\n| | | EWA14 |\r\n| | Vulnerable; | |\r\n| 12.1EU | first fixed | 12.2&#40;31&#41; |\r\n| | in 12.2SG | SGA7 |\r\n| | | |\r\n| | | 12.2&#40;44&#41;SG |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;29&#41; |\r\n| | Vulnerable; | SVD1; |\r\n| 12.1EV | first fixed | Available |\r\n| | in 12.2SV | on |\r\n| | | 13-JUN-2008 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;25&#41; |\r\n| | | EWA14 |\r\n| | Vulnerable; | |\r\n| 12.1EW | first fixed | 12.2&#40;31&#41; |\r\n| | in 12.2EW | SGA7 |\r\n| | | |\r\n| | | 12.2&#40;44&#41;SG |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1EX | first fixed | |\r\n| | in 12.1E | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1EY | first fixed | |\r\n| | in 12.1E | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1EZ | first fixed | |\r\n| | in 12.1E | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1GA | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1GB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1T | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XA | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XC | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XD | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XE | first fixed | |\r\n| | in 12.1E | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XF | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XG | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XH | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XI | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XJ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| 12.1XK | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XL | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XM | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| 12.1XN | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.1XO | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XP | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XQ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XR | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XS | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XT | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XU | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XV | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XW | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XX | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XY | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1XZ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.2 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1YA | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1YB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1YC | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1YD | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Releases | |\r\n| | prior to | |\r\n| | 12.1&#40;5&#41;YE6 | |\r\n| | are | |\r\n| | vulnerable, | |\r\n| 12.1YE | release | 12.4&#40;18b&#41; |\r\n| | 12.1&#40;5&#41;YE6 | |\r\n| | and later | |\r\n| | are not | |\r\n| | vulnerable; | |\r\n| | first fixed | |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1YF | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| 12.1YG | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1YH | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.1YI | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.1&#40;22&#41; |\r\n| 12.1YJ | first fixed | EA11 |\r\n| | in 12.1EA | |\r\n|------------+-------------+-------------|\r\n| Affected | First Fixed | Recommended |\r\n| 12.2-Based | Release | Release |\r\n| Releases | | |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;26c&#41; | |\r\n| | | |\r\n| | 12.2&#40;27c&#41; | |\r\n| | | |\r\n| 12.2 | 12.2&#40;28d&#41; | 12.4&#40;18b&#41; |\r\n| | | |\r\n| | 12.2&#40;29b&#41; | |\r\n| | | |\r\n| | 12.2&#40;40&#41; | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2B | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2BC | first fixed | |\r\n| | in 12.3BC | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2BW | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2BY | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2BZ | first fixed | |\r\n| | in 12.3XI | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2CX | first fixed | |\r\n| | in 12.3BC | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2CY | first fixed | |\r\n| | in 12.3BC | |\r\n|------------+-------------+-------------|\r\n| 12.2CZ | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;10&#41;DA4 | |\r\n| 12.2DA | | |\r\n| | 12.2&#40;12&#41; | |\r\n| | DA11 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2DD | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2DX | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;25&#41; |\r\n| | | EWA14 |\r\n| | Vulnerable; | |\r\n| 12.2EU | first fixed | 12.2&#40;31&#41; |\r\n| | in 12.2SG | SGA7 |\r\n| | | |\r\n| | | 12.2&#40;44&#41;SG |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;25&#41; |\r\n| | | EWA14 |\r\n| | 12.2&#40;18&#41;EW7 | |\r\n| 12.2EW | | 12.2&#40;31&#41; |\r\n| | 12.2&#40;20&#41;EW4 | SGA7 |\r\n| | | |\r\n| | | 12.2&#40;44&#41;SG |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;20&#41; | |\r\n| | EWA3 | |\r\n| | | |\r\n| | 12.2&#40;25&#41; | |\r\n| | EWA11 | 12.2&#40;25&#41; |\r\n| 12.2EWA | | EWA14 |\r\n| | 12.2&#40;25&#41; | |\r\n| | EWA7 | |\r\n| | | |\r\n| | 12.2&#40;25&#41; | |\r\n| | EWA8 | |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;44&#41;EX; |\r\n| 12.2EX | 12.2&#40;35&#41;EX | Available |\r\n| | | on |\r\n| | | 26-JUN-2008 |\r\n|------------+-------------+-------------|\r\n| 12.2EY | 12.2&#40;37&#41;EY | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2EZ | first fixed | |\r\n| | in 12.2SEE | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2FX | first fixed | |\r\n| | in 12.2SEE | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2FY | first fixed | |\r\n| | in 12.2SEG | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2FZ | first fixed | 12.2&#40;44&#41;SE2 |\r\n| | in 12.2SE | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2IXA | migrate to | |\r\n| | any release | |\r\n| | in 12.2IXD | |\r\n|------------+-------------+-------------|\r\n| 12.2IXB | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2IXC | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2IXD | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2IXE | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2IXF | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2JA | first fixed | |\r\n| | in 12.3JA | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2JK | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2MB | first fixed | |\r\n| | in 12.2SW | |\r\n|------------+-------------+-------------|\r\n| 12.2MC | 12.2&#40;15&#41; | 12.4&#40;18b&#41; |\r\n| | MC2h | |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;14&#41;S18 | |\r\n| | | 12.2&#40;31&#41; |\r\n| | 12.2&#40;18&#41;S13 | SB12 |\r\n| 12.2S | | |\r\n| | 12.2&#40;20&#41;S13 | 12.2&#40;33&#41; |\r\n| | | SRC1 |\r\n| | 12.2&#40;25&#41;S11 | |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;28&#41;SB4 | |\r\n| | | |\r\n| 12.2SB | 12.2&#40;31&#41;SB2 | 12.2&#40;31&#41; |\r\n| | | SB12 |\r\n| | 12.2&#40;31&#41; | |\r\n| | SB3x | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.2&#40;31&#41; |\r\n| 12.2SBC | first fixed | SB12 |\r\n| | in 12.2SB | |\r\n|------------+-------------+-------------|\r\n| 12.2SCA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SE | 12.2&#40;35&#41;SE | 12.2&#40;44&#41;SE2 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2SEA | first fixed | |\r\n| | in 12.2SEE | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2SEB | first fixed | |\r\n| | in 12.2SEE | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2SEC | first fixed | |\r\n| | in 12.2SEE | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2SED | first fixed | |\r\n| | in 12.2SEE | |\r\n|------------+-------------+-------------|\r\n| 12.2SEE | 12.2&#40;25&#41; | |\r\n| | SEE3 | |\r\n|------------+-------------+-------------|\r\n| 12.2SEF | 12.2&#40;25&#41; | 12.2&#40;44&#41;SE2 |\r\n| | SEF2 | |\r\n|------------+-------------+-------------|\r\n| 12.2SEG | 12.2&#40;25&#41; | |\r\n| | SEG2 | |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;25&#41;SG1 | |\r\n| | | |\r\n| | 12.2&#40;31&#41;SG1 | |\r\n| 12.2SG | | 12.2&#40;44&#41;SG |\r\n| | 12.2&#40;31&#41;SG2 | |\r\n| | | |\r\n| | 12.2&#40;37&#41;SG | |\r\n|------------+-------------+-------------|\r\n| 12.2SGA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SL | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SM | 12.2&#40;29&#41;SM2 | 12.2&#40;29&#41;SM3 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;29&#41; |\r\n| | | SVD1; |\r\n| 12.2SO | 12.2&#40;18&#41;SO7 | Available |\r\n| | | on |\r\n| | | 13-JUN-2008 |\r\n|------------+-------------+-------------|\r\n| 12.2SRA | 12.2&#40;33&#41; | |\r\n| | SRA1 | |\r\n|------------+-------------+-------------|\r\n| 12.2SRB | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SRC | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SU | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;27&#41;SV5 | |\r\n| | | |\r\n| | 12.2&#40;28&#41;SV1 | 12.2&#40;29&#41; |\r\n| | | SVD1; |\r\n| 12.2SV | 12.2&#40;29&#41;SV3 | Available |\r\n| | | on |\r\n| | 12.2&#40;29a&#41; | 13-JUN-2008 |\r\n| | SV1 | |\r\n| | | |\r\n| | 12.2&#40;29b&#41;SV | |\r\n|------------+-------------+-------------|\r\n| 12.2SVA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SVC | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SVD | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SW | 12.2&#40;25&#41;SW8 | |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;18&#41; |\r\n| | Vulnerable; | SXF15; |\r\n| 12.2SX | first fixed | Available |\r\n| | in 12.2SXF | on |\r\n| | | 08-AUG-2008 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;18&#41; |\r\n| | Vulnerable; | SXF15; |\r\n| 12.2SXA | first fixed | Available |\r\n| | in 12.2SXF | on |\r\n| | | 08-AUG-2008 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;18&#41; |\r\n| | Vulnerable; | SXF15; |\r\n| 12.2SXB | first fixed | Available |\r\n| | in 12.2SXF | on |\r\n| | | 08-AUG-2008 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;18&#41; |\r\n| | 12.2&#40;18&#41; | SXF15; |\r\n| 12.2SXD | SXD7a | Available |\r\n| | | on |\r\n| | | 08-AUG-2008 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;18&#41; |\r\n| | 12.2&#40;18&#41; | SXF15; |\r\n| 12.2SXE | SXE6a | Available |\r\n| | | on |\r\n| | | 08-AUG-2008 |\r\n|------------+-------------+-------------|\r\n| | 12.2&#40;18&#41; | |\r\n| | SXF10a | 12.2&#40;18&#41; |\r\n| | | SXF15; |\r\n| 12.2SXF | 12.2&#40;18&#41; | Available |\r\n| | SXF12a | on |\r\n| | | 08-AUG-2008 |\r\n| | 12.2&#40;18&#41; | |\r\n| | SXF6 | |\r\n|------------+-------------+-------------|\r\n| 12.2SXH | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2SY | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;31&#41; |\r\n| | Vulnerable; | SB12 |\r\n| 12.2SZ | first fixed | |\r\n| | in 12.2S | 12.2&#40;33&#41; |\r\n| | | SRC1 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2T | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| 12.2TPC | 12.2&#40;8&#41; | |\r\n| | TPC10b | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.2&#40;31&#41; |\r\n| 12.2UZ | first fixed | SB12 |\r\n| | in 12.2SB | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XA | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XC | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XD | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XE | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XF | first fixed | |\r\n| | in 12.3BC | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XG | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XH | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XI | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XJ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XK | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XL | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XM | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| 12.2XN | 12.2&#40;33&#41;XN1 | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| 12.2XNA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.2XO | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XQ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XR | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XS | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XT | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XU | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XV | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2XW | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| 12.2YA | 12.2&#40;4&#41;YA12 | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YC | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YD | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| 12.2YE | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YF | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YG | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YH | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YJ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YK | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YL | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YM | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YN | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.2&#40;18&#41; |\r\n| | migrate to | SXF15; |\r\n| 12.2YO | any release | Available |\r\n| | in 12.2SY | on |\r\n| | | 08-AUG-2008 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YP | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YQ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YR | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YS | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YT | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YU | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YV | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YW | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| 12.2YX | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2YY | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;31&#41; |\r\n| | Vulnerable; | SB12 |\r\n| 12.2YZ | first fixed | |\r\n| | in 12.2S | 12.2&#40;33&#41; |\r\n| | | SRC1 |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;18&#41; |\r\n| | Vulnerable; | SXF15; |\r\n| 12.2ZA | first fixed | Available |\r\n| | in 12.2SXF | on |\r\n| | | 08-AUG-2008 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2ZB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2ZC | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| 12.2ZD | Vulnerable; | |\r\n| | contact TAC | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2ZE | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2ZF | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | | 12.3&#40;2&#41;XA7 |\r\n| | Vulnerable; | |\r\n| 12.2ZG | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.3YG | |\r\n| | | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| 12.2ZH | 12.2&#40;13&#41;ZH9 | 12.2&#40;13&#41; |\r\n| | | ZH11 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2ZJ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.4&#40;15&#41;T5 |\r\n| 12.2ZL | first fixed | |\r\n| | in 12.3T | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.2ZP | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | | 12.2&#40;33&#41; |\r\n| | | SXH3; |\r\n| 12.2ZU | 12.2&#40;18&#41;ZU1 | Available |\r\n| | | on |\r\n| | | 03-JUL-2008 |\r\n|------------+-------------+-------------|\r\n| 12.2ZY | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| Affected | First Fixed | Recommended |\r\n| 12.3-Based | Release | Release |\r\n| Releases | | |\r\n|------------+-------------+-------------|\r\n| | 12.3&#40;17c&#41; | |\r\n| | | |\r\n| | 12.3&#40;18a&#41; | |\r\n| | | |\r\n| 12.3 | 12.3&#40;19a&#41; | 12.4&#40;18b&#41; |\r\n| | | |\r\n| | 12.3&#40;20a&#41; | |\r\n| | | |\r\n| | 12.3&#40;21&#41; | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3B | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | 12.3&#40;17b&#41; | |\r\n| 12.3BC | BC3 | |\r\n| | | |\r\n| | 12.3&#40;21&#41;BC | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3BW | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| 12.3EU | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | 12.3&#40;11&#41;JA | |\r\n| | | |\r\n| | 12.3&#40;7&#41;JA5 | |\r\n| 12.3JA | | |\r\n| | 12.3&#40;8&#41;JA3; | |\r\n| | Available | |\r\n| | on | |\r\n| | 18-SEP-2008 | |\r\n|------------+-------------+-------------|\r\n| 12.3JEA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.3JEB | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.3JEC | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | | 12.3&#40;2&#41;JK4; |\r\n| | | Available |\r\n| | | on |\r\n| | 12.3&#40;2&#41;JK2 | 30-JUN-2008 |\r\n| 12.3JK | | |\r\n| | 12.3&#40;8&#41;JK1 | 12.3&#40;8&#41;JK2; |\r\n| | | Available |\r\n| | | on |\r\n| | | 30-JUN-2008 |\r\n|------------+-------------+-------------|\r\n| 12.3JL | 12.3&#40;2&#41;JL1 | 12.3&#40;2&#41;JL4 |\r\n|------------+-------------+-------------|\r\n| 12.3JX | Vulnerable; | 12.3&#40;7&#41;JX11 |\r\n| | contact TAC | |\r\n|------------+-------------+-------------|\r\n| 12.3T | 12.3&#40;11&#41;T11 | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| 12.3TPC | 12.3&#40;4&#41; | |\r\n| | TPC11b | |\r\n|------------+-------------+-------------|\r\n| 12.3VA | Vulnerable; | |\r\n| | contact TAC | |\r\n|------------+-------------+-------------|\r\n| 12.3XA | 12.3&#40;2&#41;XA6 | 12.3&#40;2&#41;XA7 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XB | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | | 12.4&#40;15&#41;T5 |\r\n| 12.3XC | 12.3&#40;2&#41;XC5 | |\r\n| | | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XD | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | | 12.4&#40;15&#41;T5 |\r\n| 12.3XE | 12.3&#40;2&#41;XE5 | |\r\n| | | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XF | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.4&#40;15&#41;T5 |\r\n| 12.3XG | first fixed | |\r\n| | in 12.3YG | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XH | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| 12.3XI | 12.3&#40;7&#41;XI8a | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.3&#40;14&#41; |\r\n| 12.3XJ | first fixed | YX11 |\r\n| | in 12.3YX | |\r\n| | | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XK | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XQ | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.4 | |\r\n|------------+-------------+-------------|\r\n| | | 12.4&#40;15&#41;T5 |\r\n| 12.3XR | 12.3&#40;7&#41;XR7 | |\r\n| | | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XS | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.4 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XU | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.3&#40;14&#41; |\r\n| 12.3XW | first fixed | YX11 |\r\n| | in 12.3YX | |\r\n| | | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3XY | first fixed | 12.4&#40;18b&#41; |\r\n| | in 12.3T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.4&#40;15&#41;T5 |\r\n| 12.3YA | first fixed | |\r\n| | in 12.4 | 12.4&#40;18b&#41; |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3YD | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | 12.3&#40;14&#41; |\r\n| 12.3YF | first fixed | YX11 |\r\n| | in 12.3YX | |\r\n| | | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| 12.3YG | 12.3&#40;8&#41;YG6 | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3YH | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3YI | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3YJ | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| 12.3YK | 12.3&#40;11&#41;YK3 | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| 12.3YM | 12.3&#40;14&#41;YM8 | 12.3&#40;14&#41; |\r\n| | | YM12 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3YQ | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| 12.3YS | 12.3&#40;11&#41;YS2 | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3YT | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.3YU | first fixed | |\r\n| | in 12.4XB | |\r\n|------------+-------------+-------------|\r\n| 12.3YX | 12.3&#40;14&#41;YX4 | 12.3&#40;14&#41; |\r\n| | | YX11 |\r\n|------------+-------------+-------------|\r\n| 12.3YZ | 12.3&#40;11&#41;YZ2 | |\r\n|------------+-------------+-------------|\r\n| Affected | First Fixed | Recommended |\r\n| 12.4-Based | Release | Release |\r\n| Releases | | |\r\n|------------+-------------+-------------|\r\n| | 12.4&#40;10&#41; | |\r\n| | | |\r\n| | 12.4&#40;3f&#41; | |\r\n| | | |\r\n| 12.4 | 12.4&#40;5c&#41; | 12.4&#40;18b&#41; |\r\n| | | |\r\n| | 12.4&#40;7c&#41; | |\r\n| | | |\r\n| | 12.4&#40;8b&#41; | |\r\n|------------+-------------+-------------|\r\n| 12.4JA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4JK | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4JMA | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4JMB | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4JMC | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4JX | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4MD | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4MR | 12.4&#40;9&#41;MR | |\r\n|------------+-------------+-------------|\r\n| 12.4SW | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| | 12.4&#40;11&#41;T | |\r\n| | | |\r\n| | 12.4&#40;2&#41;T6 | |\r\n| | | |\r\n| 12.4T | 12.4&#40;4&#41;T5 | 12.4&#40;15&#41;T5 |\r\n| | | |\r\n| | 12.4&#40;6&#41;T4 | |\r\n| | | |\r\n| | 12.4&#40;9&#41;T1 | |\r\n|------------+-------------+-------------|\r\n| | Vulnerable; | |\r\n| 12.4XA | first fixed | 12.4&#40;15&#41;T5 |\r\n| | in 12.4T | |\r\n|------------+-------------+-------------|\r\n| 12.4XB | 12.4&#40;2&#41;XB3 | |\r\n|------------+-------------+-------------|\r\n| 12.4XC | 12.4&#40;4&#41;XC5 | |\r\n|------------+-------------+-------------|\r\n| 12.4XD | 12.4&#40;4&#41;XD4 | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| 12.4XE | 12.4&#40;6&#41;XE2 | 12.4&#40;15&#41;T5 |\r\n|------------+-------------+-------------|\r\n| 12.4XF | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XG | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XJ | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XK | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XL | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XM | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XN | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XQ | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XT | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XV | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XW | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XY | Not | |\r\n| | Vulnerable | |\r\n|------------+-------------+-------------|\r\n| 12.4XZ | Not | |\r\n| | Vulnerable | |\r\n+----------------------------------------+\r\n\r\nCisco CatOS\r\n+----------\r\n\r\nThe following table lists fixed Cisco Catalyst Operating System\r\n&#40;CatOS&#41; software.\r\n\r\n+---------------------------------------+\r\n| Affected | Affected | First |\r\n| Product | Release | Fixed |\r\n| | | Release |\r\n|-----------------+----------+----------|\r\n| | 6.x | 6.4&#40;23&#41; |\r\n| |----------+----------|\r\n| Cisco Catalyst | 7.x | 7.6&#40;19&#41; |\r\n|Operating |----------+----------|\r\n| System &#40;CatOS&#41; | 8.5.x | 8.5&#40;7&#41; |\r\n| |----------+----------|\r\n| | 8.6.x | 8.6&#40;1&#41; |\r\n+---------------------------------------+\r\n\r\nCisco IOS XR\r\n+-----------\r\n\r\nThe following table lists fixed Cisco IOS XR software.\r\n\r\n+---------------------------------------------------+\r\n| Cisco | | |\r\n| IOS XR | SMU ID | SMU Name |\r\n| Version | | |\r\n|---------+------------+----------------------------|\r\n| 3.2.2 | AA01681 | hfr-base-3.2.2.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.2.3 | AA01682 | hfr-base-3.2.3.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.2.4 | AA01683 | hfr-base-3.2.4.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.2.6 | AA01684 | hfr-base-3.2.6.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.3.0 | AA01685 | hfr-base-3.3.0.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.3.0 | AA01690 | c12k-base-3.3.0.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.3.1 | AA01686 | hfr-base-3.3.1.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.3.1 | AA01688 | c12k-base-3.3.1.CSCsf30109 |\r\n|---------+------------+----------------------------|\r\n| 3.3.2 | Not | Not vulnerable |\r\n| | vulnerable | |\r\n|---------+------------+----------------------------|\r\n| 3.4.x | Not | Not vulnerable |\r\n| | vulnerable | |\r\n+---------------------------------------------------+\r\n\r\nCisco NX-OS\r\n+----------\r\n\r\nThe following table lists fixed Cisco NX-OS software.\r\n\r\n+----------------------------------------+\r\n| Affected | Affected | First Fixed |\r\n| Product | Release | Release |\r\n|-----------+-----------+----------------|\r\n| Cisco | | 4.0.&#40;2&#41; |\r\n| NX-OS | 4.0.&#40;1&#41;a | Available June |\r\n| | | 2008 |\r\n+----------------------------------------+\r\n\r\nCisco ACE Products\r\n+-----------------\r\n\r\nThe following table lists fixed Cisco Application Control Engine\r\n&#40;ACE&#41; software.\r\n\r\n+---------------------------------------+\r\n| Affected | Affected | First |\r\n| Product | Release | Fixed |\r\n| | | Release |\r\n|----------------+----------+-----------|\r\n| | 3.0&#40;0&#41;A1 | |\r\n| Cisco | &#40;6.x&#41; | |\r\n| Application | | A2&#40;1.1&#41; |\r\n| Control Engine | A2&#40;1.0&#41; | |\r\n| &#40;ACE&#41; Module | | |\r\n| | A2&#40;1.0a&#41; | |\r\n|----------------+----------+-----------|\r\n| | A1&#40;7.0&#41; | |\r\n| | | |\r\n| Cisco | A1&#40;7.0a&#41; | |\r\n| Application | | |\r\n| Control Engine | A1&#40;7.0b&#41; | A1&#40;8.0a&#41; |\r\n| &#40;ACE&#41; | | |\r\n| Appliance | A1&#40;7.0c&#41; | |\r\n| | | |\r\n| | A1&#40;8.0&#41; | |\r\n|----------------+----------+-----------|\r\n| Cisco | 4.x | |\r\n| Application | | 6.0.1 |\r\n| Control Engine | 5.x | Available |\r\n| &#40;ACE&#41; XML | | June 2008 |\r\n| Gateway | 6.0 | |\r\n+---------------------------------------+\r\n\r\nCisco MDS software\r\n+-----------------\r\n\r\nThe following table lists fixed Cisco MDS Multilayer Switch software.\r\n\r\n+---------------------------------------+\r\n| Affected | Affected | First Fixed |\r\n| Product | Release | Release |\r\n|-----------+-----------+---------------|\r\n| | 2.1 | |\r\n| Cisco MDS | | 3.4.1 |\r\n| 9000 | 3.0 | Available |\r\n| | | June 2008 |\r\n| | 3.2 | |\r\n+---------------------------------------+\r\n\r\nWorkarounds\r\n===========\r\n\r\nThe following workarounds have been identified for these\r\nvulnerabilities.\r\n\r\nInfrastructure Access Control Lists\r\n+----------------------------------\r\n\r\nAlthough it is often difficult to block traffic that transits a\r\nnetwork, it is possible to identify traffic that should never be\r\nallowed to target infrastructure devices and block that traffic at\r\nthe border of networks. Infrastructure Access Control Lists &#40;iACLs&#41;\r\nare a network security best practice and should be considered as a\r\nlong-term addition to good network security as well as a workaround\r\nfor these specific vulnerabilities. The iACL example below should be\r\nincluded as part of the deployed infrastructure access-list which\r\nwill protect all devices with IP addresses in the infrastructure IP\r\naddress range:\r\n\r\nNote: UDP port 161 is applicable for all versions of SNMP.\r\n\r\n \r\n !--- Permit SNMP UDP 161 packets from\r\n !--- trusted hosts destined to infrastructure addresses.\r\n \r\n access-list 150 permit udp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK eq 161\r\n \r\n !--- Deny SNMP UDP 161 packets from all\r\n !--- other sources destined to infrastructure addresses.\r\n \r\n access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES MASK eq 161\r\n \r\n !--- Permit/deny all other Layer 3 and Layer 4 traffic in accordance\r\n !--- with existing security policies and configurations\r\n !--- Permit all other traffic to transit the device.\r\n \r\n access-list 150 permit ip any anyinterface serial 2/0ip access-group 150 in\r\n \r\n\r\nThe white paper entitled &quot;Protecting Your Core: Infrastructure\r\nProtection Access Control Lists&quot; presents guidelines and recommended\r\ndeployment techniques for infrastructure protection access lists.\r\nThis white paper can be obtained at the following link:\r\nhttp://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml\r\n\r\nControl Plane Policing\r\n+---------------------\r\n\r\nControl Plane Policing &#40;CoPP&#41; can be used to block untrusted SNMP\r\naccess to the device. Cisco IOS software releases 12.0S, 12.2SX,\r\n12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be\r\nconfigured on a device to protect the management and control planes\r\nand minimize the risk and effectiveness of direct infrastructure\r\nattacks by explicitly permitting only authorized traffic that is sent\r\nto infrastructure devices in accordance with existing security\r\npolicies and configurations. The following example, which uses\r\n192.168.100.1 to represent a trusted host, can be adapted to your\r\nnetwork.\r\n\r\n \r\n !--- Deny SNMP UDP traffic from trusted hosts to all IP addresses\r\n !--- configured on all interfaces of the affected device so that\r\n \r\n !--- it will be allowed by the CoPP feature\r\n \r\n \r\n access-list 111 deny udp host 192.168.100.1 any eq 161\r\n \r\n \r\n !--- Permit all other SNMP UDP traffic sent to all IP addresses\r\n !--- configured on all interfaces of the affected device so that it\r\n !--- will be policed and dropped by the CoPP feature\r\n \r\n \r\n access-list 111 permit udp any any eq 161\r\n \r\n \r\n !--- Permit &#40;Police or Drop&#41;/Deny &#40;Allow&#41; all other Layer3 and Layer4\r\n !--- traffic in accordance with existing security policies and\r\n !--- configurations for traffic that is authorized to be sent\r\n !--- to infrastructure devices\r\n \r\n !--- Create a Class-Map for traffic to be policed by\r\n !--- the CoPP feature\r\n \r\n \r\n class-map match-all drop-snmpv3-class\r\n match access-group 111\r\n \r\n \r\n !--- Create a Policy-Map that will be applied to the\r\n !--- Control-Plane of the device.\r\n \r\n \r\n policy-map drop-snmpv3-traffic\r\n class drop-snmpv3-class\r\n drop\r\n \r\n \r\n !--- Apply the Policy-Map to the \r\n !--- Control-Plane of the device\r\n \r\n \r\n control-plane\r\n service-policy input drop-snmpv3-traffic\r\n \r\n\r\nIn the above CoPP example, the access control list entries &#40;ACEs&#41;\r\nthat match the potential exploit packets with the &quot;permit&quot; action\r\nresult in these packets being discarded by the policy-map &quot;drop&quot;\r\nfunction, while packets that match the &quot;deny&quot; action &#40;not shown&#41; are\r\nnot affected by the policy-map drop function.\r\n\r\nPlease note that the policy-map syntax is different in the 12.2S and\r\n12.0S Cisco IOS trains:\r\n\r\n policy-map drop-snmpv3-traffic\r\n class drop-snmpv3-class\r\n police 32000 1500 1500 conform-action drop exceed-action drop\r\n \r\n\r\nAdditional information on the configuration and use of the CoPP\r\nfeature is available at the following links:\r\n\r\nhttp://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html\r\n\r\nand \r\n\r\nhttp://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html\r\n\r\nTransit Access Control Lists\r\n+---------------------------\r\n\r\nFilters that deny SNMP packets using UDP port 161 should be deployed\r\nthroughout the network as part of a Transit Access Control List\r\n&#40;tACL&#41; policy for protection of traffic that enters the network at\r\ningress access points. This policy should be configured to protect\r\nthe network device where the filter is applied and other devices\r\nbehind it. Filters for SNMP packets that use UDP port 161 should also\r\nbe deployed in front of vulnerable network devices so that traffic is\r\nonly allowed from trusted clients.\r\n\r\nAdditional information about tACLs is available in &quot;Transit Access\r\nControl Lists: Filtering at Your Edge:&quot;\r\n\r\nhttp://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml\r\n\r\nHardening Guide Statement\r\n+------------------------\r\n\r\nCustomers are advised to review the &quot;Fortifying the Simple Network\r\nManagement Protocol&quot; section of the &quot;Cisco Guide to Harden Cisco IOS\r\nDevices&quot; for information on configuring an IOS device for SNMPv3\r\nauthentication and privacy:\r\n\r\nhttp://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#fortify\r\n\r\nCisco IOS authPriv Configuration\r\n+-------------------------------\r\n\r\nEnabling the SNMPv3 privacy subsystem &#40;if it is not already in use&#41;\r\nis a short-term workaround for users who are unable to upgrade in a\r\ntimely fashion. This subsystem is used to encrypt SNMPv3 traffic\r\nusing a shared secret.\r\n\r\nIn Cisco IOS, administrators can enable this workaround by using the \r\nauthPriv SNMPv3 feature. Only Cisco IOS crypto images can run the \r\nauthPriv feature.\r\n\r\nNote: Ensure that the management application supports SNMPv3 \r\nauthPriv before implementing this feature.\r\n\r\nApplied Mitigation Bulletin\r\n+--------------------------\r\n\r\nAdditional mitigation techniques that can be deployed on Cisco devices\r\nwithin the network are available in the Cisco Applied Intelligence\r\ncompanion document for this advisory:\r\nhttp://www.cisco.com/warp/public/707/cisco-amb-20080610-SNMPv3.shtml\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address these\r\nvulnerabilities. Prior to deploying software, customers should\r\nconsult their maintenance provider or check the software for feature\r\nset compatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature sets\r\nthey have purchased. By installing, downloading, accessing or\r\notherwise using such software upgrades, customers agree to be bound by\r\nthe terms of Cisco&#39;s software license terms found at\r\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html\r\nor as otherwise set forth at Cisco.com Downloads at\r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for\r\nsoftware upgrades.\r\n\r\nCustomers with Service Contracts\r\n+-------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through\r\ntheir regular update channels. For most customers, this means that\r\nupgrades should be obtained through the Software Center on Cisco&#39;s\r\nworldwide website at http://www.cisco.com.\r\n\r\nCustomers using Third Party Support Organizations\r\n+------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through\r\nprior or existing agreements with third-party support organizations,\r\nsuch as Cisco Partners, authorized resellers, or service providers\r\nshould contact that support organization for guidance and assistance\r\nwith the appropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or\r\nfix is the most appropriate for use in the intended network before it\r\nis deployed.\r\n\r\nCustomers without Service Contracts\r\n+----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco\r\nservice contract, and customers who purchase through third-party\r\nvendors but are unsuccessful in obtaining fixed software through\r\ntheir point of sale should acquire upgrades by contacting the Cisco\r\nTechnical Assistance Center &#40;TAC&#41;. TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 &#40;toll free from within North America&#41;\r\n * +1 408 526 7209 &#40;toll call from anywhere in the world&#41;\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to\r\na free upgrade. Free upgrades for non-contract customers must be\r\nrequested through the TAC.\r\n\r\nRefer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml\r\nfor additional TAC contact information, including localized telephone\r\nnumbers, and instructions and e-mail addresses for use in various\r\nlanguages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nCisco is releasing this combined Cisco IOS and non-IOS product\r\nadvisory out of our normal bi-yearly IOS security advisory cycle due\r\nto public disclosure of these vulnerabilities.\r\n\r\nCisco is not aware of any malicious exploitation of these\r\nvulnerabilities.\r\n\r\nThese vulnerabilities were reported to Cisco by Dr. Tom Dunigan of\r\nthe University of Tennessee and Net-SNMP in cooperation with the CERT\r\nCoordination Center.\r\n\r\nStatus of this Notice: FINAL\r\n============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN &quot;AS IS&quot; BASIS AND DOES NOT IMPLY ANY\r\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that\r\nomits the distribution URL in the following section is an\r\nuncontrolled copy, and may lack important information or contain\r\nfactual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco&#39;s worldwide website at :\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice\r\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\r\nfollowing e-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-teams@first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco&#39;s\r\nworldwide website, but may or may not be actively announced on\r\nmailing lists or newsgroups. Users concerned about this problem are\r\nencouraged to check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+---------------------------------------+\r\n| Revision | | Initial |\r\n| 1.0 | 2008-June-10 | public |\r\n| | | release |\r\n+---------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities in Cisco\r\nproducts, obtaining assistance with security incidents, and\r\nregistering to receive security information from Cisco, is available\r\non Cisco&#39;s worldwide website at\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.\r\nThis includes instructions for press inquiries regarding Cisco\r\nsecurity notices. All Cisco security advisories are available at\r\nhttp://www.cisco.com/go/psirt.\r\n\r\n- ---------------------------------------------------------------------\r\n\r\nUpdated: Jun 10, 2008 Document ID: 107408\r\n\r\n- ---------------------------------------------------------------------\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.5 &#40;Darwin&#41;\r\n\r\niD8DBQFITruJ86n/Gc8U/uARAiuNAJwIq42/p8CUh7Dc88nAn9a1pfhhqgCfWXjv\r\n8bYhCD0EKNQ28koObq4S+vQ=\r\n=zOBL\r\n-----END PGP SIGNATURE-----", "modified": "2008-06-10T00:00:00", "published": "2008-06-10T00:00:00", "id": "SECURITYVULNS:DOC:20005", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20005", "title": "Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "description": "User-supplied number of signature bytes are checked on signature validation.", "modified": "2008-06-10T00:00:00", "published": "2008-06-10T00:00:00", "id": "SECURITYVULNS:VULN:9069", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9069", "title": "Multiple SNMPv3 authentication implementations bypass", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1663-1 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nNovember 09, 2008 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : net-snmp\r\nVulnerability : several\r\nProblem type : local &#40;remote&#41;\r\nDebian-specific: no\r\nCVE Id&#40;s&#41; : CVE-2008-0960 CVE-2008-2292 CVE-2008-4309\r\nDebian Bugs : 485945 482333 504150\r\n\r\nSeveral vulnerabilities have been discovered in NET SNMP, a suite of\r\nSimple Network Management Protocol applications. The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n \r\nCVE-2008-0960\r\n \r\n Wes Hardaker reported that the SNMPv3 HMAC verification relies on\r\n the client to specify the HMAC length, which allows spoofing of\r\n authenticated SNMPv3 packets.\r\n \r\nCVE-2008-2292\r\n \r\n John Kortink reported a buffer overflow in the __snprint_value\r\n function in snmp_get causing a denial of service and potentially\r\n allowing the execution of arbitrary code via a large OCTETSTRING \r\n in an attribute value pair &#40;AVP&#41;.\r\n \r\nCVE-2008-4309\r\n\r\n It was reported that an integer overflow in the\r\n netsnmp_create_subtree_cache function in agent/snmp_agent.c allows \r\n remote attackers to cause a denial of service attack via a crafted \r\n SNMP GETBULK request.\r\n\r\nFor the stable distribution &#40;etch&#41;, these problems has been fixed in\r\nversion 5.2.3-7etch4.\r\n \r\nFor the testing distribution &#40;lenny&#41; and unstable distribution &#40;sid&#41;\r\nthese problems have been fixed in version 5.4.1~dfsg-11.\r\n\r\nWe recommend that you upgrade your net-snmp package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz\r\n Size/MD5 checksum: 94030 2ccd6191c3212980956c30de392825ec\r\n http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc\r\n Size/MD5 checksum: 1046 8018cc23033178515298d5583a74f9ff\r\n http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz\r\n Size/MD5 checksum: 4006389 ba4bc583413f90618228d0f196da8181\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb\r\n Size/MD5 checksum: 1214368 d579d8f28f3d704b6c09b2b480425086\r\n http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb\r\n Size/MD5 checksum: 855594 b5ccd827adbcefcca3557fa9ae28cc08\r\n\r\nalpha architecture &#40;DEC Alpha&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb\r\n Size/MD5 checksum: 2169470 265835564ef2b0e2e86a08000461c53b\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb\r\n Size/MD5 checksum: 944098 5b903886ee4740842715797e3231602c\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb\r\n Size/MD5 checksum: 1901802 5486eb1f2a5b076e5342b1dd9cbb12e2\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb\r\n Size/MD5 checksum: 933202 e3210ba1641079e0c3aaf4a50e89aedd\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb\r\n Size/MD5 checksum: 835584 b14db8c5e5b5e2d34799952975f903fb\r\n\r\namd64 architecture &#40;AMD x86_64 &#40;AMD64&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb\r\n Size/MD5 checksum: 932008 fc79672bf64eaabd41ed1c2f4a42c7da\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb\r\n Size/MD5 checksum: 1890766 ae3832515a97a79b31e0e7f0316356ee\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb\r\n Size/MD5 checksum: 835088 62867e9ba9dfca3c7e8ae575d5a478f5\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb\r\n Size/MD5 checksum: 918844 d2d1bc5f555bc9dba153e2a9a964ffbf\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb\r\n Size/MD5 checksum: 1557924 5c2a33a015dd44708a9cc7602ca2525c\r\n\r\narm architecture &#40;ARM&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb\r\n Size/MD5 checksum: 909974 4c1cef835efc0b7ff3fea54a618eabee\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb\r\n Size/MD5 checksum: 835284 3ac835d926481c9e0f589b578455ddee\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb\r\n Size/MD5 checksum: 928252 b98e98b58c61be02e477185293427d5c\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb\r\n Size/MD5 checksum: 1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb\r\n Size/MD5 checksum: 1344158 78b6cf6b2974983e8e3670468da73cd1\r\n\r\nhppa architecture &#40;HP PA RISC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb\r\n Size/MD5 checksum: 835940 9eeaf116e386dd7733ab2106c662dfa9\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb\r\n Size/MD5 checksum: 1809132 78bb5f1c12b004d32fa265e6bd99ffa1\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb\r\n Size/MD5 checksum: 1926116 71c7f3095ffe1bb22e84ade21f32b3a4\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb\r\n Size/MD5 checksum: 935434 85deac8531b02a0fdf3c9baa21d8e4bd\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb\r\n Size/MD5 checksum: 935640 958cb158264f75772864cd5d5c0bf251\r\n\r\ni386 architecture &#40;Intel ia32&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb\r\n Size/MD5 checksum: 1423294 f05c7491a8100684c5085588738f05b5\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb\r\n Size/MD5 checksum: 833970 cb705c9fe9418cc9348ac935ea7b0ba2\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb\r\n Size/MD5 checksum: 920070 3df41a0c99c41d1bccf6801011cf8ed5\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb\r\n Size/MD5 checksum: 925914 159b4244ef701edbe0fb8c9685b5b477\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb\r\n Size/MD5 checksum: 1838900 3b7ac7b8fe0da1a3909ee56aba46d464\r\n\r\nia64 architecture &#40;Intel ia64&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb\r\n Size/MD5 checksum: 2205680 6868a56b1db04627e6921bf7237939a2\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb\r\n Size/MD5 checksum: 970440 783f0cccabfbcc63590730b3803d164d\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb\r\n Size/MD5 checksum: 2281114 fd04b505755a3aed0fe4c9baaac84500\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb\r\n Size/MD5 checksum: 842690 9f9ca89c3d3ba7c46481e9cd39c242a6\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb\r\n Size/MD5 checksum: 962854 c8a32f808d719357a5b6350e2b60794e\r\n\r\nmips architecture &#40;MIPS &#40;Big Endian&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb\r\n Size/MD5 checksum: 895414 5dd919d188291cb3727d39b5e06c9e26\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb\r\n Size/MD5 checksum: 927342 28c245db4d8ea82ba4075b27d674d72a\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb\r\n Size/MD5 checksum: 833182 0e0b21e13d77de82bed7a38d30f65e4b\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb\r\n Size/MD5 checksum: 1769524 24bdc73a3d20c4046c7741957442c713\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb\r\n Size/MD5 checksum: 1717562 977ae5c34a127d32d8f2bf222de9a431\r\n\r\nmipsel architecture &#40;MIPS &#40;Little Endian&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb\r\n Size/MD5 checksum: 1755032 cab5c112911465a9ce23a0d2ea44ded9\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb\r\n Size/MD5 checksum: 926616 2bf14a3fe74d9f2a523aacc8b04f5282\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb\r\n Size/MD5 checksum: 895194 b7c9ed37bf83ad92371f5472ac5d917b\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb\r\n Size/MD5 checksum: 833098 08b63ba6c3becf25ba2f941a532a7b71\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb\r\n Size/MD5 checksum: 1720642 1ff7568eb478edee923edb76cf42e9ac\r\n\r\npowerpc architecture &#40;PowerPC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb\r\n Size/MD5 checksum: 941434 bbac9384bd7f88339e2b86fa665208c1\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb\r\n Size/MD5 checksum: 835212 4790d79f8de7f1bee7aabf0473f25268\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb\r\n Size/MD5 checksum: 1657890 b91fcf52e80c7196cea0c13df9ac79ef\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb\r\n Size/MD5 checksum: 1803262 4d298c9509941390c7b2eb68320ad211\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb\r\n Size/MD5 checksum: 928170 b17966a6a61313344ac827b58f32eeef\r\n\r\ns390 architecture &#40;IBM S/390&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb\r\n Size/MD5 checksum: 1409718 2a128cbdce2522ef49604255cff41af2\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb\r\n Size/MD5 checksum: 931452 d3bb7c3a849cd2b35fa6e4acb19c318d\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb\r\n Size/MD5 checksum: 1834914 67e5b946df18b06b41b3e108d5ddc4e3\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb\r\n Size/MD5 checksum: 836102 7a4b85e8ea0e50d7213997b5f7d6309f\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb\r\n Size/MD5 checksum: 903864 3f80e78e4e2672aacf3da0690ff24b79\r\n\r\nsparc architecture &#40;Sun SPARC/UltraSPARC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb\r\n Size/MD5 checksum: 925336 5824ea607689f3f1bd62a9e6e28f95ae\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb\r\n Size/MD5 checksum: 1548630 1378d1cf730d3026bc1f01a4ab2ccedb\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb\r\n Size/MD5 checksum: 918592 28a086f6aa2ee8d510b38c1a177843fc\r\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb\r\n Size/MD5 checksum: 834186 068cbf2b4774ecf9504b820db26e6f1d\r\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb\r\n Size/MD5 checksum: 1782014 d39fae5fe0d1397a2a1bd7397d6e850a\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: &#96;apt-cache show &lt;pkg&gt;&#39; and http://packages.debian.org/&lt;pkg&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 &#40;GNU/Linux&#41;\r\n\r\niQEVAwUBSRawfWz0hbPcukPfAQKr8gf/ey+YyHiWXy1vCzmmbI7Xk2ktHZCEEoBW\r\n4fk2Yzycp7YHF7sJ6b8EIqzlBKiQSR+o+X0804loyanOuH3lBlk+zXeWisuou2jo\r\nsjk4r4VbwUEJkIOHIRJYA3NBnFzzwl7RNkO/xc6QPXqNnYVxouB4XR8DwmwwHK1k\r\nGIJ8TSG/o3Hxl1k77sp8d31FvHoEvSyW/u2aAlcRoEXWVCgMzpREVN/M0+O4LFRM\r\nrrA/0meZxLy/3n9GF9Yo2OCvj5rTZ4yjY6c8iq6hwEopemQUH4OCIVsPBKMQ1uJ0\r\nwdZEvSbQksbBy9yxy0ajeF03IxzCcJia7bBS3/g5F46WU8LUAjkUAw==\r\n=ct1Q\r\n-----END PGP SIGNATURE-----", "modified": "2008-11-10T00:00:00", "published": "2008-11-10T00:00:00", "id": "SECURITYVULNS:DOC:20828", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20828", "title": "[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "d2": [{"lastseen": "2016-09-25T14:10:49", "bulletinFamily": "exploit", "description": "**Name**| d2sec_snmpv3 \n---|--- \n**CVE**| CVE-2008-0960 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| SNMPv3 HMAC Vulnerability \n**Notes**| \n", "modified": "2008-06-10T14:32:00", "published": "2008-06-10T14:32:00", "id": "D2SEC_SNMPV3", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_snmpv3", "title": "DSquare Exploit Pack: D2SEC_SNMPV3", "type": "d2", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-25T10:56:27", "bulletinFamily": "scanner", "description": "Check for the Version of ucd-snmp", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880205", "id": "OPENVAS:880205", "title": "CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Simple Network Management Protocol (SNMP) is a protocol used for\n network management.\n\n A flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash\n Message Authentication Code (HMAC). An attacker could use this flaw to\n spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n \n All users of ucd-snmp should upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"ucd-snmp on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014972.html\");\n script_id(880205);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0528-01\");\n script_cve_id(\"CVE-2008-0960\");\n script_name( \"CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386\");\n\n script_summary(\"Check for the Version of ucd-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp\", rpm:\"ucd-snmp~4.2.5~8.AS21.7\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-devel\", rpm:\"ucd-snmp-devel~4.2.5~8.AS21.7\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-utils\", rpm:\"ucd-snmp-utils~4.2.5~8.AS21.7\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:17", "bulletinFamily": "scanner", "description": "Check for the Version of ucd-snmp", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870049", "id": "OPENVAS:1361412562310870049", "title": "RedHat Update for ucd-snmp RHSA-2008:0528-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ucd-snmp RHSA-2008:0528-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Simple Network Management Protocol (SNMP) is a protocol used for\n network management.\n\n A flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash\n Message Authentication Code (HMAC). An attacker could use this flaw to\n spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n \n All users of ucd-snmp should upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"ucd-snmp on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870049\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0528-01\");\n script_cve_id(\"CVE-2008-0960\");\n script_name( \"RedHat Update for ucd-snmp RHSA-2008:0528-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ucd-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp\", rpm:\"ucd-snmp~4.2.5~8.AS21.7\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-devel\", rpm:\"ucd-snmp-devel~4.2.5~8.AS21.7\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-utils\", rpm:\"ucd-snmp-utils~4.2.5~8.AS21.7\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:39", "bulletinFamily": "scanner", "description": "Check for the Version of ucd-snmp", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870049", "id": "OPENVAS:870049", "title": "RedHat Update for ucd-snmp RHSA-2008:0528-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ucd-snmp RHSA-2008:0528-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Simple Network Management Protocol (SNMP) is a protocol used for\n network management.\n\n A flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash\n Message Authentication Code (HMAC). An attacker could use this flaw to\n spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n \n All users of ucd-snmp should upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"ucd-snmp on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00006.html\");\n script_id(870049);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0528-01\");\n script_cve_id(\"CVE-2008-0960\");\n script_name( \"RedHat Update for ucd-snmp RHSA-2008:0528-01\");\n\n script_summary(\"Check for the Version of ucd-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp\", rpm:\"ucd-snmp~4.2.5~8.AS21.7\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-devel\", rpm:\"ucd-snmp-devel~4.2.5~8.AS21.7\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-utils\", rpm:\"ucd-snmp-utils~4.2.5~8.AS21.7\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:41", "bulletinFamily": "scanner", "description": "Check for the Version of ucd-snmp", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880205", "id": "OPENVAS:1361412562310880205", "type": "openvas", "title": "CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Simple Network Management Protocol (SNMP) is a protocol used for\n network management.\n\n A flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash\n Message Authentication Code (HMAC). An attacker could use this flaw to\n spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n \n All users of ucd-snmp should upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"ucd-snmp on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014972.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880205\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0528-01\");\n script_cve_id(\"CVE-2008-0960\");\n script_name( \"CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ucd-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp\", rpm:\"ucd-snmp~4.2.5~8.AS21.7\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-devel\", rpm:\"ucd-snmp-devel~4.2.5~8.AS21.7\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ucd-snmp-utils\", rpm:\"ucd-snmp-utils~4.2.5~8.AS21.7\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:14", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860895", "id": "OPENVAS:860895", "title": "Fedora Update for net-snmp FEDORA-2008-5215", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for net-snmp FEDORA-2008-5215\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SNMP (Simple Network Management Protocol) is a protocol used for\n network management. The NET-SNMP project includes various SNMP tools:\n an extensible agent, an SNMP library, tools for requesting or setting\n information from SNMP agents, tools for generating and handling SNMP\n traps, a version of the netstat command which uses SNMP, and a Tk/Perl\n mib browser. This package contains the snmpd and snmptrapd daemons,\n documentation, etc.\n\n You will probably also want to install the net-snmp-utils package,\n which contains NET-SNMP utilities.\n \n Building option:\n \t--without tcp_wrappers : disable tcp_wrappers support\";\n\ntag_affected = \"net-snmp on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html\");\n script_id(860895);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-5215\");\n script_cve_id(\"CVE-2008-2292\", \"CVE-2008-0960\");\n script_name( \"Fedora Update for net-snmp FEDORA-2008-5215\");\n\n script_summary(\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~18.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:44", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830748", "id": "OPENVAS:1361412562310830748", "type": "openvas", "title": "Mandriva Update for net-snmp MDVSA-2008:118 (net-snmp)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for net-snmp MDVSA-2008:118 (net-snmp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's\n Keyed-Hash Message Authentication Code (HMAC). An attacker\n could exploit this flaw to spoof an authenticated SNMPv3 packet\n (CVE-2008-0960).\n\n A buffer overflow was found in the perl bindings for Net-SNMP that\n could be exploited if an attacker could convince an application\n using the Net-SNMP perl modules to connect to a malicious SNMP agent\n (CVE-2008-2292).\n \n The updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"net-snmp on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-06/msg00028.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830748\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:118\");\n script_cve_id(\"CVE-2008-0960\", \"CVE-2008-2292\");\n script_name( \"Mandriva Update for net-snmp MDVSA-2008:118 (net-snmp)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp10\", rpm:\"libnet-snmp10~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp10-devel\", rpm:\"libnet-snmp10-devel~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp10-static-devel\", rpm:\"libnet-snmp10-static-devel~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-mibs\", rpm:\"net-snmp-mibs~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-trapd\", rpm:\"net-snmp-trapd~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-NetSNMP\", rpm:\"perl-NetSNMP~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp10\", rpm:\"lib64net-snmp10~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp10-devel\", rpm:\"lib64net-snmp10-devel~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp10-static-devel\", rpm:\"lib64net-snmp10-static-devel~5.3.1~3.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp15\", rpm:\"libnet-snmp15~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp-devel\", rpm:\"libnet-snmp-devel~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp-static-devel\", rpm:\"libnet-snmp-static-devel~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-mibs\", rpm:\"net-snmp-mibs~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-trapd\", rpm:\"net-snmp-trapd~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-NetSNMP\", rpm:\"perl-NetSNMP~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp15\", rpm:\"lib64net-snmp15~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp-devel\", rpm:\"lib64net-snmp-devel~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp-static-devel\", rpm:\"lib64net-snmp-static-devel~5.4.1~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp15\", rpm:\"libnet-snmp15~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp-devel\", rpm:\"libnet-snmp-devel~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnet-snmp-static-devel\", rpm:\"libnet-snmp-static-devel~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-mibs\", rpm:\"net-snmp-mibs~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-tkmib\", rpm:\"net-snmp-tkmib~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-trapd\", rpm:\"net-snmp-trapd~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-NetSNMP\", rpm:\"perl-NetSNMP~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp15\", rpm:\"lib64net-snmp15~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp-devel\", rpm:\"lib64net-snmp-devel~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64net-snmp-static-devel\", rpm:\"lib64net-snmp-static-devel~5.4.1~5.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:54", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200808-02.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=61393", "id": "OPENVAS:61393", "title": "Gentoo Security Advisory GLSA 200808-02 (net-snmp)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Net-SNMP allow for authentication bypass in\nsnmpd and execution of arbitrary code in Perl applications using Net-SMNP.\";\ntag_solution = \"All Net-SNMP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/net-snmp-5.4.1.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200808-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=222265\nhttp://bugs.gentoo.org/show_bug.cgi?id=225105\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200808-02.\";\n\n \n\nif(description)\n{\n script_id(61393);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-0960\", \"CVE-2008-2292\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200808-02 (net-snmp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-analyzer/net-snmp\", unaffected: make_list(\"ge 5.4.1.1\"), vulnerable: make_list(\"lt 5.4.1.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:41", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n net-snmp\n net-snmp-devel\n perl-SNMP\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5031860 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65573", "id": "OPENVAS:65573", "title": "SLES9: Security update for net-snmp", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5031860.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for net-snmp\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n net-snmp\n net-snmp-devel\n perl-SNMP\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5031860 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65573);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2292\", \"CVE-2008-0960\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for net-snmp\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n net-snmp\n net-snmp-devel\n perl-SNMP\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065905", "id": "OPENVAS:136141256231065905", "type": "openvas", "title": "SLES10: Security update for net-snmp", "sourceData": "#\n#VID slesp2-net-snmp-5422\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for net-snmp\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n net-snmp\n net-snmp-devel\n perl-SNMP\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65905\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2292\", \"CVE-2008-0960\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for net-snmp\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:07", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880234", "id": "OPENVAS:1361412562310880234", "title": "CentOS Update for net-snmp CESA-2008:0529 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for net-snmp CESA-2008:0529 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Simple Network Management Protocol (SNMP) is a protocol used for\n network management.\n\n A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash\n Message Authentication Code (HMAC). An attacker could use this flaw to\n spoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n \n A buffer overflow was found in the Perl bindings for Net-SNMP. This could\n be exploited if an attacker could convince an application using the\n Net-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)\n \n All users of net-snmp should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"net-snmp on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014970.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880234\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0529\");\n script_cve_id(\"CVE-2008-2292\", \"CVE-2008-0960\");\n script_name( \"CentOS Update for net-snmp CESA-2008:0529 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.0.9~2.30E.24\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.0.9~2.30E.24\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.0.9~2.30E.24\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.0.9~2.30E.24\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.0.9~2.30E.24\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T22:34:22", "bulletinFamily": "exploit", "description": "SNMPv3 HMAC validation error Remote Authentication Bypass Exploit. CVE-2008-0960. Remote exploits for multiple platform", "modified": "2008-06-12T00:00:00", "published": "2008-06-12T00:00:00", "id": "EDB-ID:5790", "href": "https://www.exploit-db.com/exploits/5790/", "type": "exploitdb", "title": "SNMPv3 - HMAC validation error Remote Authentication Bypass Exploit", "sourceData": "#############################################################################\r\n# #\r\n# snmpv3_exp.sh exploit the vulnerability described in CVE-2008-0960, the #\r\n# HMAC check problem (on multiple vendor) #\r\n# #\r\n# Copyright (c) 2008 @ Mediaservice.net Srl. All rights reserved #\r\n# Wrote by Maurizio Agazzini <inode[at]mediaservice.net> #\r\n# http://lab.mediaservice.net/ #\r\n# #\r\n#############################################################################\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5790.tgz (2008-snmpv3_exp.tgz)\r\n\r\n# milw0rm.com [2008-06-12]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/5790/"}], "cisco": [{"lastseen": "2018-07-14T16:40:42", "bulletinFamily": "software", "description": "Multiple Cisco products contain either of two authentication\nvulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3)\nfeature. These vulnerabilities can be exploited when processing a malformed\nSNMPv3 message. These vulnerabilities could allow the disclosure of network\ninformation or may enable an attacker to perform configuration changes to\nvulnerable devices. The SNMP server is an optional service that is disabled by\ndefault in Cisco products. Only SNMPv3 is impacted by these vulnerabilities.\nWorkarounds are available for mitigating the impact of the vulnerabilities\ndescribed in this document.\n\nNote: SNMP versions 1, 2 and 2c are not impacted by these vulnerabilities.\n\nThe United States Computer Emergency Response Team (US-CERT) has\nassigned Vulnerability Note\nVU#878044[\"http://www.kb.cert.org/vuls/id/878044\"]\n\nto these vulnerabilities.\n\nCommon Vulnerabilities and Exposures (CVE) identifier\nCVE-2008-0960[\"http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0960\"]\n has also been assigned to these\nvulnerabilities. \n\nThis advisory is posted at\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3\"].", "modified": "2012-11-16T15:40:40", "published": "2008-06-10T00:00:00", "id": "CISCO-SA-20080610-SNMPV3", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3", "type": "cisco", "title": "SNMP Version 3 Authentication Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:38:59", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 29623\r\nCVE(CAN) ID: CVE-2008-0960\r\n\r\nNet-SNMP\u662f\u4e00\u4e2a\u514d\u8d39\u7684\u3001\u5f00\u653e\u6e90\u7801\u7684SNMP\u5b9e\u73b0\uff0c\u4ee5\u524d\u79f0\u4e3aUCD-SNMP\u3002\r\n\r\nNet-SNMP\u5904\u7406\u8ba4\u8bc1\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u8ba4\u8bc1\u83b7\u53d6SNMP\u5bf9\u8c61\u7684\u8bbf\u95ee\u3002\r\n\r\nNet-SNMP\u7684\u8ba4\u8bc1\u4ee3\u7801\u4f9d\u8d56\u4e8e\u7528\u6237\u8f93\u5165\u4e2d\u6240\u6307\u5b9a\u7684HMAC\u957f\u5ea6\u8bfb\u53d6\u6240\u8981\u68c0\u67e5\u7684\u957f\u5ea6\u3002SNMPv3\u7684\u8ba4\u8bc1\u662f\u4f7f\u7528HMAC\u5b9e\u73b0\u7684\uff0c\u5982\u679c\u7528\u6237\u5728\u8ba4\u8bc1\u4ee3\u7801\u5b57\u6bb5\u4e2d\u63d0\u4f9b\u4e86\u5355\u5b57\u8282\u7684HMAC\u4ee3\u7801\u7684\u8bdd\uff0c\u7531\u4e8e\u4ec5\u4f1a\u68c0\u67e5\u7b2c\u4e00\u4e2a\u5b57\u8282\uff0c\u56e0\u6b64\u5c31\u4f1a\u67091/256\u7684\u6982\u7387\u5339\u914d\u6b63\u786e\u7684HMAC\u5e76\u901a\u8fc7\u8ba4\u8bc1\uff0c\u8fd9\u5927\u5927\u7684\u63d0\u9ad8\u4e86\u66b4\u529b\u731c\u6d4b\u7684\u6210\u529f\u7387\u3002\u8fd9\u4e2a\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u548c\u4fee\u6539\u4efb\u4f55\u4f7f\u7528\u767b\u5f55\u7cfb\u7edf\u7684\u8ba4\u8bc1\u51ed\u636e\u53ef\u8bbf\u95ee\u7684SNMP\u5bf9\u8c61\u3002\n0\nNet-SNMP net-snmp 5.4.x\r\nNet-SNMP net-snmp 5.3.x\r\nNet-SNMP net-snmp 5.2.x\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5728Cisco\u8bbe\u5907\u4e2d\u53ef\u5e94\u7528\u4ee5\u4e0b\u63aa\u65bd\uff1a\r\n\r\n* \u90e8\u7f72\u4ee5\u4e0b\u57fa\u7840\u67b6\u6784ACL\uff08iACL\uff09\r\n \r\n !--- Permit SNMP UDP 161 packets from\r\n !--- trusted hosts destined to infrastructure addresses.\r\n \r\n access-list 150 permit udp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK eq 161\r\n \r\n !--- Deny SNMP UDP 161 packets from all\r\n !--- other sources destined to infrastructure addresses.\r\n \r\n access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES MASK eq 161\r\n \r\n !--- Permit/deny all other Layer 3 and Layer 4 traffic in accordance\r\n !--- with existing security policies and configurations\r\n !--- Permit all other traffic to transit the device.\r\n \r\n access-list 150 permit ip any anyinterface serial 2/0ip access-group 150 in\r\n \r\n* \u90e8\u7f72\u4ee5\u4e0b\u63a7\u5236\u9762\u6574\u578b\uff08CoPP\uff09\r\n\r\n !--- Deny SNMP UDP traffic from trusted hosts to all IP addresses\r\n !--- configured on all interfaces of the affected device so that\r\n \r\n !--- it will be allowed by the CoPP feature\r\n \r\n \r\n access-list 111 deny udp host 192.168.100.1 any eq 161\r\n \r\n \r\n !--- Permit all other SNMP UDP traffic sent to all IP addresses\r\n !--- configured on all interfaces of the affected device so that it\r\n !--- will be policed and dropped by the CoPP feature\r\n \r\n \r\n access-list 111 permit udp any any eq 161\r\n \r\n \r\n !--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4\r\n !--- traffic in accordance with existing security policies and\r\n !--- configurations for traffic that is authorized to be sent\r\n !--- to infrastructure devices\r\n \r\n !--- Create a Class-Map for traffic to be policed by\r\n !--- the CoPP feature\r\n \r\n \r\n class-map match-all drop-snmpv3-class\r\n match access-group 111\r\n \r\n \r\n !--- Create a Policy-Map that will be applied to the\r\n !--- Control-Plane of the device.\r\n \r\n \r\n policy-map drop-snmpv3-traffic\r\n class drop-snmpv3-class\r\n drop\r\n \r\n \r\n !--- Apply the Policy-Map to the \r\n !--- Control-Plane of the device\r\n \r\n \r\n control-plane\r\n service-policy input drop-snmpv3-traffic\r\n\r\n\u8bf7\u6ce8\u610f\u5728Cisco IOS\u768412.2S\u548c12.0S\u7cfb\u5217\u4e0apolicy-map\u53e5\u6cd5\u6709\u6240\u4e0d\u540c\uff1a\r\n\r\n policy-map drop-snmpv3-traffic\r\n class drop-snmpv3-class\r\n police 32000 1500 1500 conform-action drop exceed-action drop\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nCisco\r\n-----\r\nCisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20080610-snmpv3\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\ncisco-sa-20080610-snmpv3\uff1aSNMP Version 3 Authentication Vulnerabilities\r\n\u94fe\u63a5\uff1a&lt;a href=http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml target=_blank&gt;http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml&lt;/a&gt;\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0528-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0528-01\uff1aModerate: ucd-snmp security update\r\n\u94fe\u63a5\uff1a&lt;a href=https://www.redhat.com/support/errata/RHSA-2008-0528.html target=_blank&gt;https://www.redhat.com/support/errata/RHSA-2008-0528.html&lt;/a&gt;\r\n\r\nNet-SNMP\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n&lt;a href=http://sourceforge.net/projects/net-snmp/ target=_blank&gt;http://sourceforge.net/projects/net-snmp/&lt;/a&gt;", "modified": "2008-06-14T00:00:00", "published": "2008-06-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3418", "id": "SSV:3418", "type": "seebug", "title": "Net-SNMP\u8fdc\u7a0b\u7ed5\u8fc7\u8ba4\u8bc1\u6f0f\u6d1e", "sourceData": "\n http://www.sebug.net/bbs/viewthread.php?tid=17\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-3418", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2018-01-25T01:00:59", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0528-01\n\n\nThe Simple Network Management Protocol (SNMP) is a protocol used for\nnetwork management.\n\nA flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash\nMessage Authentication Code (HMAC). An attacker could use this flaw to\nspoof an authenticated SNMPv3 packet. (CVE-2008-0960)\n\nAll users of ucd-snmp should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/014972.html\n\n**Affected packages:**\nucd-snmp\nucd-snmp-devel\nucd-snmp-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-06-10T23:24:29", "published": "2008-06-10T23:24:29", "href": "http://lists.centos.org/pipermail/centos-announce/2008-June/014972.html", "id": "CESA-2008:0528-01", "title": "ucd security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:17", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0529\n\n\nThe Simple Network Management Protocol (SNMP) is a protocol used for\r\nnetwork management.\r\n\r\nA flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash\r\nMessage Authentication Code (HMAC). An attacker could use this flaw to\r\nspoof an authenticated SNMPv3 packet. (CVE-2008-0960)\r\n\r\nA buffer overflow was found in the Perl bindings for Net-SNMP. This could\r\nbe exploited if an attacker could convince an application using the\r\nNet-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)\r\n\r\nAll users of net-snmp should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/014970.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/014971.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/014980.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/014983.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/014986.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/014989.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015014.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015015.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015040.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015041.html\n\n**Affected packages:**\nnet-snmp\nnet-snmp-devel\nnet-snmp-libs\nnet-snmp-perl\nnet-snmp-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0529.html", "modified": "2008-06-27T09:57:43", "published": "2008-06-10T20:39:52", "href": "http://lists.centos.org/pipermail/centos-announce/2008-June/014970.html", "id": "CESA-2008:0529", "title": "net security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "description": "### Background\n\nNet-SNMP is a collection of tools for generating and retrieving SNMP data. The SNMPv3 protocol uses a keyed-Hash Message Authentication Code (HMAC) to verify data integrity and authenticity of SNMP messages. \n\n### Description\n\nWes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). \n\n### Impact\n\nAn attacker could send SNMPv3 packets to an instance of snmpd providing a valid user name and an HMAC length value of 1, and easily conduct brute-force attacks to bypass SNMP authentication. An attacker could further entice a user to connect to a malicious SNMP agent with an SNMP client using the Perl bindings, possibly resulting in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Net-SNMP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/net-snmp-5.4.1.1\"", "modified": "2008-08-06T00:00:00", "published": "2008-08-06T00:00:00", "id": "GLSA-200808-02", "href": "https://security.gentoo.org/glsa/200808-02", "type": "gentoo", "title": "Net-SNMP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T02:37:02", "bulletinFamily": "unix", "description": "New net-snmp packages are available for Slackware 12.0, 12.1, and -current to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292\n\n\nHere are the details from the Slackware 12.1 ChangeLog:\n\npatches/packages/net-snmp-5.4.1.2-i486-1_slack12.1.tgz:\n Upgraded to net-snmp-5.4.1.2.\n A vulnerability was discovered where an attacked could spoof an authenticated\n SNMPv3 packet due to incorrect HMAC checking. Also, a buffer overflow was\n found that could be exploited if an application using the net-snmp perl\n modules connects to a malicious server.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/net-snmp-5.4.1.2-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/net-snmp-5.4.1.2-i486-1_slack12.1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/net-snmp-5.4.1.2-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\ne5c916d2bf7a865d48547b727fc21d26 net-snmp-5.4.1.2-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n9e42a9a2aad1caffde814d4d5346b707 net-snmp-5.4.1.2-i486-1_slack12.1.tgz\n\nSlackware -current package:\n611ca8b6481ff2e9860f6ecff5e6367c net-snmp-5.4.1.2-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg net-snmp-5.4.1.2-i486-1_slack12.1.tgz", "modified": "2008-07-28T22:33:31", "published": "2008-07-28T22:33:31", "id": "SSA-2008-210-07", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.388995", "title": "net-snmp", "type": "slackware", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-12-25T20:18:21", "bulletinFamily": "info", "description": "### Overview \n\nA vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. \n\n### Description \n\nSNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and privacy control among other features. Authentication for SNMPv3 is done using keyed-Hash Message Authentication Code (HMAC), a message authentication code calculated using a cryptographic hash function in combination with a secret key. Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte.\n\nThis issue is known to affect Net-SNMP and UCD-SNMP. Other SNMP implementations may also be affected. \n \n--- \n \n### Impact \n\nThis vulnerability allows attackers to read and modify any SNMP object that can be accessed by the impersonated user. Attackers exploiting this vulnerability can view and modify the configuration of these devices. \n \n--- \n \n### Solution \n\n \n**Upgrade** \n \nThis vulnerability is addressed in Net-SNMP versions 5.4.1.1, 5.3.2.1, 5.2.4.1, 5.1.4.1, 5.0.11.1 and UCD-SNMP 4.2.7.1. Please see the [Net-SNMP download page](<http://www.net-snmp.org/download.html>). \n \nAlternatively, consult your vendor. See the Systems Affected section below for more information. \n \n**Apply a patch** \n \nNet-SNMP has released a patch to address this issue. For more information refer to [SECURITY RELEASE: Multple Net-SNMP Versions Released](<http://sourceforge.net/forum/forum.php?forum_id=833770>). Users are encouraged to apply the patch as soon as possible. Note that patch should apply cleanly to UCD-snmp too. \n \n--- \n \n \n**Enable the SNMPv3 privacy subsystem** \n \nThe configuration should be modified to enable the SNMPv3 privacy subsystem to encrypt the SNMPv3 traffic using a secret, private key. This option does not encrypt the HMAC, but does minimize the possible affects from this vulnerability. \n \n--- \n \n### Vendor Information\n\n878044\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ __ Extreme Networks \n\nNotified: May 20, 2008 Updated: April 22, 2009 \n\n**Statement Date: April 20, 2009**\n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nExtreme Networks products running \"Extremeware\" software are not vulnerable.\n\nExtreme Networks products running \"EXOS\" software are vulnerable. \nThis vulnerability is fixed in EXOS patch release 11.6.4.11-patch1-7 and will be integrated into the subsequent sustaining releases.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ __ Global Technology Associates \n\nNotified: May 20, 2008 Updated: July 16, 2009 \n\n**Statement Date: July 16, 2009**\n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`Global Technology Associates products running GB-OS 5.1.4 and later are not vulnerable. GTA products running earlier versions of GB-OS are vulnerable if the SNMP service is utilized and enable.`\n\n`Customers running systems with GB-OS prior to version 5.1.4 are encouraged to update their GTA product to GB-OS 5.1.4 or 5.2.x. In the event that it is not possible to update your GTA product, customers should disable the SNMP service on their system to prevent the exploit of this vulnerability.`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Internet Initiative Japan \n\nUpdated: June 19, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Juniper Networks, Inc. \n\nNotified: May 20, 2008 Updated: June 09, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nJuniper Networks has confirmed that its Session and Resource Control appliances are susceptible to this vulnerability. Customers run SRC versions 1.0.0, 1.0.1, or 2.0.0 on their C-series appliances are encouraged to contact the Juniper Networks Customer Support Center for more detailed information and for product updates.\n\nAll other Juniper Networks products are NOT susceptible to this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Network Appliance, Inc. \n\nNotified: May 20, 2008 Updated: June 04, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nThe only NetApp product susceptible to this issue is our early access version of the next major product release. Data ONTAP releases 7.3RC1 and 7.\n\n3RC2 are affected. \n \nThe code does not exist in any 6.5, 7.0, 7.1 or 7.2 or 10.0 release.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Red Hat, Inc. \n\nNotified: May 20, 2008 Updated: June 06, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nThis issue affects the ucd-snmp package as shipped with Red Hat Enterprise Linux 2.1, and the net-snmp package as shipped with Red Hat Enterprise Linux 3, 4, and 5. Updated packages to correct this issue are available along with our advisories at the URL below and via the Red Hat Network:\n\n<http://rhn.redhat.com/cve/CVE-2008-2292.html>\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ SNMP Research \n\nUpdated: June 06, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nVulnerabilities have been found in the authentication code in multiple implementations of SNMPv3 including NetSNMP, SNMP Research, and many products derived from these reference\n\nimplementations. \n \nThe vulnerabilities in the implementations are slightly different but both allow a sender to create certain malformed packets which will be accepted as authentic by the receiver even though they are not authentic and thereby allow an interloper to masquerade as another principal. \n \nThe vulnerability applies equally to use of either MD5 or SHA-1. \n \nThis vulnerability is present in multiple products including those of SNMP Research. \n \nThis vulnerability is present in all SNMP Research products which support SNMPv3 up through and including Release 16.1, i.e., the vulnerability was present in SNMP Research product \nReleases 15.1, 15.2, 15.3, 15.4, and 16.1, as well as products derived from those code bases unless upgraded, (please see the next paragraph). \n \nSNMP Research product Release 16.2 and subsequent releases are believed to not be subject to this vulnerability. SNMP Research product Release 16.2 became generally available in late 2006 and all SNMP Research customers with support agreements should have received product distributions that are not subject to this vulnerability in December 2006 or January 2007. SNMP Research products shipped after that time are not believed to be subject to this vulnerability. \n \nIn SNMPv3, the authentication subsystem is responsible for protecting against multiple threats: \n \nModification of Information, \nMasquerade, and \nMessage Stream Modification \n \nThis vulnerability potentially compromises the protections against each of the above threats. \n \nThe vulnerability is in the implementations. There are no known problems with the protocol design or specifications in this regard. \n \n \nRemediation \n \nIt is suggested that users upgrade to current versions of the software which do not have these implementation problems and the resulting vulnerabilities. \n \n \nShort-Term Mitigation \n \nA short-term workaround for users who are unable to upgrade in a timely fashion is to modify their configuration data to enable the SNMPv3 privacy subsystem (if it is not already in use), i.e., to encrypt the SNMPv3 traffic using a secret, private key. \n \nBy so doing, it is believed that it will not be computationally feasible for interlopers to \"forge\" valid packets without knowledge of the secret encryption key, i.e., such packets will be dropped at the receiver, thereby somewhat mitigating the problem by thwarting exploitation of the vulnerability. \n \nHowever, while this workaround provides for data origin authentication of the payload of the message, and thereby defends against the masquerade threat (provided that secret encryption key remains known only to legitimate senders and receivers), it does not protect against the two other threats identified above. In particular, the message headers are not protected against the modification of information threat. The message timeliness indicators, which are in the message headers, are potentially subject to manipulation by an interloper, thereby enabling replay attacks (message stream modification threat). An interloper can sucessfully replay valid packets that have been captured since the encryption key(s) in use were most recently changed. \n \nTherefore, enabling encryption should be viewed as a short-term mitigation strategy that is better than doing nothing but not as good as the recommended remdiation strategy. \n \n \nCredits \n \nThese vulnerabilities were first identified by Dr. Tom Dunigan of \nthe University of Tennessee. \n \n \nFor More Information \n \nSpecifications: \nPlease see RFCs 3410 and 3414. \n \nTechnical Support: \nsupport@snmp.com \n+1 865 579 3311 \n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Sun Microsystems, Inc. \n\nNotified: May 20, 2008 Updated: June 16, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nSun has issued the following Security Sun Alert describing the affected products, any workarounds or resolution available:\n\nSun Alert 238865 SNMPv3 Authentication Bypass Vulnerability in snmpd(1M) <http://sunsolve.sun.com/search/document.do?assetkey=1-66-238865-1> \n \nThe above Sun Alert would be updated as and when fully tested patches for the issue are available.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ eCosCentric \n\nUpdated: June 13, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nFixed in [CVS](<http://ecos.sourceware.org/cgi-bin/cvsweb.cgi/ecos-opt/snmp/lib/current/ChangeLog?rev=1.15&content-type=text/x-cvsweb-markup&cvsroot=ecos>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23878044 Feedback>).\n\n### __ netsnmp \n\nNotified: May 16, 2008 Updated: June 10, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://sourceforge.net/forum/forum.php?forum_id=833770>**.**\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23878044 Feedback>).\n\n### __ AdventNet Inc. \n\nNotified: June 13, 2008 Updated: June 18, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.adventnet.com/products/cert_snmp_authentication_vulnerability_notes.html> for more information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23878044 Feedback>).\n\n### __ Computer Associates \n\nNotified: May 20, 2008 Updated: June 20, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Computer Associates eTrust Security Management \n\nNotified: May 20, 2008 Updated: June 20, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Force10 Networks, Inc. \n\nNotified: May 20, 2008 Updated: June 12, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\n`Force10 Networks' FTOS is unaffected by this vulnerability.`\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Fortinet, Inc. \n\nNotified: May 20, 2008 Updated: May 27, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Foundry Networks, Inc. \n\nNotified: May 20, 2008 Updated: June 17, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Funkwerk Enterprise Communications \n\nUpdated: June 18, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nUS-CERT has recently published a Security Alert concerning a \u201cSNMPv3 Authentication Bypass Vulnerability\u201d (see <http://www.us-cert.gov/cas/techalerts/TA08-162A.html> for details).\n\nWe would like our customers to know that all Funkwerk Enterprise Communications products running a version of the BOSS operating system are NOT affected by this vulnerability. \n \nThe respective products are: \no devices of the R2xx Series (e.g. R232bw), Rxx00 Series (e.g. R3000w), X Series (e.g. X2302) and VPN Series of gateways \no devices of the Wx002, WIx040 and WIx065 Series of WLAN products running the BOSS operating system. \n \nAlso note that SNMP V 3 which is affected by the vulnerability was not introduced before System Software 7.4.1.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IBM Corporation \n\nNotified: May 20, 2008 Updated: June 18, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Intel Corporation \n\nNotified: May 20, 2008 Updated: May 21, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Internet Security Systems, Inc. \n\nNotified: May 20, 2008 Updated: June 04, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Microsoft Corporation \n\nNotified: May 20, 2008 Updated: May 28, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Novell, Inc. \n\nNotified: May 20, 2008 Updated: June 04, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Stonesoft \n\nNotified: May 20, 2008 Updated: June 23, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nStonesoft products are not affected by this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ TippingPoint, Technologies, Inc. \n\nNotified: May 20, 2008 Updated: May 21, 2008 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ 3com, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ ACCESS \n\nNotified: June 02, 2008 Updated: June 02, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ AT&amp;T \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Alcatel \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Apple Computer, Inc. \n\nNotified: June 02, 2008 Updated: June 02, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Aruba Networks, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Asante Technologies, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Atheros Communications, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Avaya, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Avici Systems, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ BEA Systems, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Borderware Technologies \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Bro \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Broadcom \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Charlotte's Web Networks \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Check Point Software Technologies \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Cisco Systems, Inc. \n\nNotified: May 20, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml> for more information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23878044 Feedback>).\n\n### __ Clavister \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Conectiva Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Cosinecom \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Covalent Technologies \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Cray Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Cyclades, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ D-Link Systems, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Data Connection, Ltd. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Debian GNU/Linux \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ EMC Corporation \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Engarde Secure Linux \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Enterasys Networks \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Ericsson \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ F5 Networks, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Fedora Project \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ FreeBSD, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Fujitsu \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Gentoo Linux \n\nNotified: June 04, 2008 Updated: June 04, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Harris Corporation \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Hewlett-Packard Company \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Hitachi \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Hyperchip \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IBM Corporation (zseries) \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IBM eServer \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IP Filter \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IP Infusion, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Ingrian Networks, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Inktomi Corporation (now Yahoo!) \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Intoto \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Lantronix \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Linux Kernel Archives \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Lotus Software \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Lucent Technologies \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Luminous Networks \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Mandriva, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Marconi, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ McAfee \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ MetaSwitch \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Metrobility, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ MontaVista Software, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Motion Media Technologies, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Multinet (owned Process Software Corporation) \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Multitech, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ NEC Corporation \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Net-Policy \n\nUpdated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ NetBSD \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Netgear, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Netscape Communications Corporation \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ NextHop Technologies, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Nokia \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Nortel Networks, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ OpenBSD \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Openwall GNU/*/Linux \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Oracle Corporation \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Polycom \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ QNX, Software Systems, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ QUALCOMM Incorporated \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Quagga \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Rad Vision, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Redback Networks, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Riverstone Networks, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ SUSE Linux \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Secure Computing Network Security Division \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Secureworx, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Silicon Graphics, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Slackware Linux Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ SmoothWall \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Snort \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Soapstone Networks \n\nNotified: June 02, 2008 Updated: June 02, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Sony Corporation \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Sourcefire \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Symantec, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ The SCO Group \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ The Teamware Group \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Trustix Secure Linux \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Turbolinux \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Ubuntu \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Vertical Networks, Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Watchguard Technologies, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Wind River Systems, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ ZyXEL \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ cPanel Inc. \n\nNotified: June 13, 2008 Updated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ eSoft, Inc. \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ m0n0wall \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ netfilter \n\nNotified: May 20, 2008 Updated: May 20, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ netsnmpj \n\nUpdated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ openSNMP \n\nUpdated: June 13, 2008 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://sourceforge.net/forum/forum.php?forum_id=833770>\n * <http://www.ocert.org/advisories/ocert-2008-006.html>\n * <http://secunia.com/advisories/30574/>\n * <http://secunia.com/advisories/30665/>\n * <http://sunsolve.sun.com/search/document.do?assetkey=1-66-238865-1>\n\n### Credit\n\nThis issue was reported by Wes Hardaker at Net-SNMP. Thanks also to Jeff Case of SNMP Research and oCERT \n\nThis document was written by Chris Taschner and David Warren. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2008-0960](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0960>) \n---|--- \n**Severity Metric:****** | 7.56 \n**Date Public:** | 2008-05-31 \n**Date First Published:** | 2008-06-10 \n**Date Last Updated: ** | 2009-07-16 18:00 UTC \n**Document Revision: ** | 36 \n", "modified": "2009-07-16T18:00:00", "published": "2008-06-10T00:00:00", "id": "VU:878044", "href": "https://www.kb.cert.org/vuls/id/878044", "type": "cert", "title": "SNMPv3 improper HMAC validation allows authentication bypass", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:59", "bulletinFamily": "unix", "description": "[5.3.1-24.1]\n- fix buffer overflow in perl module (CVE-2008-2292) (#449897)\n- fix SNMPv3 authentication checks (unknown CVE) (#449897)", "modified": "2008-06-10T00:00:00", "published": "2008-06-10T00:00:00", "id": "ELSA-2008-0529", "href": "http://linux.oracle.com/errata/ELSA-2008-0529.html", "title": "net-snmp security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:27", "bulletinFamily": "unix", "description": "Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user\u2019s views without a valid authentication passphrase. (CVE-2008-0960)\n\nJohn Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. (CVE-2008-2292)\n\nIt was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service. (CVE-2008-4309)", "modified": "2008-12-03T00:00:00", "published": "2008-12-03T00:00:00", "id": "USN-685-1", "href": "https://usn.ubuntu.com/685-1/", "title": "Net-SNMP vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:29", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1663-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 09, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : net-snmp\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-0960 CVE-2008-2292 CVE-2008-4309\nDebian Bugs : 485945 482333 504150\n\nSeveral vulnerabilities have been discovered in NET SNMP, a suite of\nSimple Network Management Protocol applications. The Common\nVulnerabilities and Exposures project identifies the following problems:\n \nCVE-2008-0960\n \n Wes Hardaker reported that the SNMPv3 HMAC verification relies on\n the client to specify the HMAC length, which allows spoofing of\n authenticated SNMPv3 packets.\n \nCVE-2008-2292\n \n John Kortink reported a buffer overflow in the __snprint_value\n function in snmp_get causing a denial of service and potentially\n allowing the execution of arbitrary code via a large OCTETSTRING \n in an attribute value pair (AVP).\n \nCVE-2008-4309\n\n It was reported that an integer overflow in the\n netsnmp_create_subtree_cache function in agent/snmp_agent.c allows \n remote attackers to cause a denial of service attack via a crafted \n SNMP GETBULK request.\n\nFor the stable distribution (etch), these problems has been fixed in\nversion 5.2.3-7etch4.\n \nFor the testing distribution (lenny) and unstable distribution (sid)\nthese problems have been fixed in version 5.4.1~dfsg-11.\n\nWe recommend that you upgrade your net-snmp package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz\n Size/MD5 checksum: 94030 2ccd6191c3212980956c30de392825ec\n http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc\n Size/MD5 checksum: 1046 8018cc23033178515298d5583a74f9ff\n http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz\n Size/MD5 checksum: 4006389 ba4bc583413f90618228d0f196da8181\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb\n Size/MD5 checksum: 1214368 d579d8f28f3d704b6c09b2b480425086\n http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb\n Size/MD5 checksum: 855594 b5ccd827adbcefcca3557fa9ae28cc08\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb\n Size/MD5 checksum: 2169470 265835564ef2b0e2e86a08000461c53b\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb\n Size/MD5 checksum: 944098 5b903886ee4740842715797e3231602c\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb\n Size/MD5 checksum: 1901802 5486eb1f2a5b076e5342b1dd9cbb12e2\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb\n Size/MD5 checksum: 933202 e3210ba1641079e0c3aaf4a50e89aedd\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb\n Size/MD5 checksum: 835584 b14db8c5e5b5e2d34799952975f903fb\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb\n Size/MD5 checksum: 932008 fc79672bf64eaabd41ed1c2f4a42c7da\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb\n Size/MD5 checksum: 1890766 ae3832515a97a79b31e0e7f0316356ee\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb\n Size/MD5 checksum: 835088 62867e9ba9dfca3c7e8ae575d5a478f5\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb\n Size/MD5 checksum: 918844 d2d1bc5f555bc9dba153e2a9a964ffbf\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb\n Size/MD5 checksum: 1557924 5c2a33a015dd44708a9cc7602ca2525c\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb\n Size/MD5 checksum: 909974 4c1cef835efc0b7ff3fea54a618eabee\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb\n Size/MD5 checksum: 835284 3ac835d926481c9e0f589b578455ddee\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb\n Size/MD5 checksum: 928252 b98e98b58c61be02e477185293427d5c\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb\n Size/MD5 checksum: 1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb\n Size/MD5 checksum: 1344158 78b6cf6b2974983e8e3670468da73cd1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb\n Size/MD5 checksum: 835940 9eeaf116e386dd7733ab2106c662dfa9\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb\n Size/MD5 checksum: 1809132 78bb5f1c12b004d32fa265e6bd99ffa1\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb\n Size/MD5 checksum: 1926116 71c7f3095ffe1bb22e84ade21f32b3a4\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb\n Size/MD5 checksum: 935434 85deac8531b02a0fdf3c9baa21d8e4bd\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb\n Size/MD5 checksum: 935640 958cb158264f75772864cd5d5c0bf251\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb\n Size/MD5 checksum: 1423294 f05c7491a8100684c5085588738f05b5\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb\n Size/MD5 checksum: 833970 cb705c9fe9418cc9348ac935ea7b0ba2\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb\n Size/MD5 checksum: 920070 3df41a0c99c41d1bccf6801011cf8ed5\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb\n Size/MD5 checksum: 925914 159b4244ef701edbe0fb8c9685b5b477\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb\n Size/MD5 checksum: 1838900 3b7ac7b8fe0da1a3909ee56aba46d464\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb\n Size/MD5 checksum: 2205680 6868a56b1db04627e6921bf7237939a2\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb\n Size/MD5 checksum: 970440 783f0cccabfbcc63590730b3803d164d\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb\n Size/MD5 checksum: 2281114 fd04b505755a3aed0fe4c9baaac84500\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb\n Size/MD5 checksum: 842690 9f9ca89c3d3ba7c46481e9cd39c242a6\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb\n Size/MD5 checksum: 962854 c8a32f808d719357a5b6350e2b60794e\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb\n Size/MD5 checksum: 895414 5dd919d188291cb3727d39b5e06c9e26\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb\n Size/MD5 checksum: 927342 28c245db4d8ea82ba4075b27d674d72a\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb\n Size/MD5 checksum: 833182 0e0b21e13d77de82bed7a38d30f65e4b\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb\n Size/MD5 checksum: 1769524 24bdc73a3d20c4046c7741957442c713\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb\n Size/MD5 checksum: 1717562 977ae5c34a127d32d8f2bf222de9a431\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb\n Size/MD5 checksum: 1755032 cab5c112911465a9ce23a0d2ea44ded9\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb\n Size/MD5 checksum: 926616 2bf14a3fe74d9f2a523aacc8b04f5282\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb\n Size/MD5 checksum: 895194 b7c9ed37bf83ad92371f5472ac5d917b\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb\n Size/MD5 checksum: 833098 08b63ba6c3becf25ba2f941a532a7b71\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb\n Size/MD5 checksum: 1720642 1ff7568eb478edee923edb76cf42e9ac\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb\n Size/MD5 checksum: 941434 bbac9384bd7f88339e2b86fa665208c1\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb\n Size/MD5 checksum: 835212 4790d79f8de7f1bee7aabf0473f25268\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb\n Size/MD5 checksum: 1657890 b91fcf52e80c7196cea0c13df9ac79ef\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb\n Size/MD5 checksum: 1803262 4d298c9509941390c7b2eb68320ad211\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb\n Size/MD5 checksum: 928170 b17966a6a61313344ac827b58f32eeef\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb\n Size/MD5 checksum: 1409718 2a128cbdce2522ef49604255cff41af2\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb\n Size/MD5 checksum: 931452 d3bb7c3a849cd2b35fa6e4acb19c318d\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb\n Size/MD5 checksum: 1834914 67e5b946df18b06b41b3e108d5ddc4e3\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb\n Size/MD5 checksum: 836102 7a4b85e8ea0e50d7213997b5f7d6309f\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb\n Size/MD5 checksum: 903864 3f80e78e4e2672aacf3da0690ff24b79\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb\n Size/MD5 checksum: 925336 5824ea607689f3f1bd62a9e6e28f95ae\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb\n Size/MD5 checksum: 1548630 1378d1cf730d3026bc1f01a4ab2ccedb\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb\n Size/MD5 checksum: 918592 28a086f6aa2ee8d510b38c1a177843fc\n http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb\n Size/MD5 checksum: 834186 068cbf2b4774ecf9504b820db26e6f1d\n http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb\n Size/MD5 checksum: 1782014 d39fae5fe0d1397a2a1bd7397d6e850a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2008-11-09T09:49:25", "published": "2008-11-09T09:49:25", "id": "DEBIAN:DSA-1663-1:B5819", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00255.html", "title": "[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:41", "bulletinFamily": "unix", "description": "a. Updated ESX Service Console package libxml2 \n \nA denial of service flaw was found in the way libxml2 processes \ncertain content. If an application that is linked against \nlibxml2 processes malformed XML content, the XML content might \ncause the application to stop responding. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2008-3281 to this issue. \nAdditionally the following was also fixed, but was missing in the \nsecurity advisory. \nA heap-based buffer overflow flaw was found in the way libxml2 \nhandled long XML entity names. If an application linked against \nlibxml2 processed untrusted malformed XML content, it could cause \nthe application to crash or, possibly, execute arbitrary code. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2008-3529 to this issue. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "modified": "2008-12-02T00:00:00", "published": "2008-10-31T00:00:00", "id": "VMSA-2008-0017", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0017.html", "title": "Updated ESX packages for libxml2, ucd-snmp, libtiff", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T02:40:42", "bulletinFamily": "unix", "description": "I Security Issues \na. OpenSSL Binaries Updated \nThis fix updates the third party OpenSSL library. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108 and CVE-2007-5135 to the issues addressed by this update. \n\n", "modified": "2008-09-18T00:00:00", "published": "2008-08-12T00:00:00", "id": "VMSA-2008-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0013.html", "title": "Updated ESX packages for OpenSSL, net-snmp, perl", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:40:57", "bulletinFamily": "unix", "description": "The net-snmp daemon implements the \"simple network management protocol\". The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).\n#### Solution\nPlease install the update package.", "modified": "2008-08-01T13:33:56", "published": "2008-08-01T13:33:56", "id": "SUSE-SA:2008:039", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html", "title": "authentication bypass, denial-of-service in net-snmp", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}