F-Secure
Tools
Ingate Firewall and SIParator SNMP HMAC Spoofing
| Report ID: | SA30648 |
| Source: | Secunia |
| Date of Discovery: | 12.06.2008 |
| Criticality: | Low |
| Affects: | Ingate Firewall 3.x Ingate Firewall 4.x Ingate SIParator 3.x Ingate SIParator 4.x |
| Compromise From: | From local network |
| Compromise Type: | Exposure of sensitive information Exposure of system information |
Summary
A vulnerability in Ingate Firewall and SIParator, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.
Detailed Description
A vulnerability in Ingate Firewall and SIParator, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.
For more information:
SA30574
Successful exploitation allows to read configuration and status information from the device, but requires that SNMP is enabled (not enabled by default).
NOTE: Reportedly, this can not be exploited to modify configuration settings on the device.
The vulnerability is reported in Ingate Firewall and SIParator version 3.1.0 and newer.
For more information:
SA30574
Successful exploitation allows to read configuration and status information from the device, but requires that SNMP is enabled (not enabled by default).
NOTE: Reportedly, this can not be exploited to modify configuration settings on the device.
The vulnerability is reported in Ingate Firewall and SIParator version 3.1.0 and newer.
Solution
Restrict access to the SNMP agent.
Reportedly, the vulnerability will be fixed in the next regular release (Q3/2008).
Reportedly, the vulnerability will be fixed in the next regular release (Q3/2008).
CVE Reference
CVE-2008-0960