Wind River Support Network

HomeOther DownloadsSecurity Advisory - net-snmp - CVE-2008-0960 (for Wind River Linux 1.4)
Recommended Type: Patch

Security Advisory - net-snmp - CVE-2008-0960 (for Wind River Linux 1.4)

Released: Jun 13, 2008     Updated: Jun 13, 2008

Description

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; and (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
CERT: VU#878044
CVE: CVE-2008-0960
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0960 IDENTIFIER = WIND00124113 for 1.4

Product Version

Linux Platforms 1.x

Downloads

Installation Notes

Installation Notes

  1. Unzip the patch under [install_dir]/updates

    2. Install the patch CD by entering the patch CD directory and run setup_linux.

    3. This is a source only patch so you will have to build the kernel and fs

    4. Issue a make fs and make the kernel in a configured directory.

    5. Upload the kernel and rootfs into the target and boot it up.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube