Wind River Support Network

HomeOther DownloadsSecurity Advisory - net-snmp - CVE-2008-0960 (for Wind River Linux 1.5)
Recommended Type: Patch

Security Advisory - net-snmp - CVE-2008-0960 (for Wind River Linux 1.5)

Released: Jun 13, 2008     Updated: Jun 13, 2008


SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before, 5.3.x before, and 5.4.x before; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; and (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
CERT: VU#878044
CVE: CVE-2008-0960 IDENTIFIER = WIND00124113 for 1.5

Product Version

Linux Platforms 1.x


Installation Notes

Installation Notes

  1. Unzip the patch under [install_dir]/updates

    2. Install the patch CD by entering the patch CD directory and run setup_linux.

    3. This is a source only patch so you will have to build the kernel and fs

    4. Issue a make fs and make the kernel in a configured directory.

    5. Upload the kernel and rootfs into the target and boot it up.

Live chat