CERT has told us of an authentication bypass flaw in Net-SNMP and UCD-SNMP.
According to net-snmp:
"The quick technical summary is that the SNMPv3 packet contains a truncated HMAC
authentication code. The author that wrote the code very very long ago to check
that HMAC code used the length of the packet's version of the HMAC code to do
the check. Thus if you send a single byte HMAC code, it'll only check it against
the first byte of HMAC output. Thus it's fairly easy to spoof an authenticated
Created attachment 306408 [details]
Proposed upstream patch
changing embargo date due to request from CERT
Public now, lifting embargo:
Net-SNMP upstream bug report:
Fixed Net-SNMP versions:
>= 22.214.171.124, >= 126.96.36.199, >= 188.8.131.52
net-snmp-5.4.1-18.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
net-snmp-5.4.1-7.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
net-snmp-5.4-18.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
All children bugs have been closed, parent is no longer needed.