F-Secure Vulnerability Information : Ingate Firewall and SIParator SNMP HMAC Spoofing

F-SECURE.COM

Security Guide

F-Secure World Map

Security Alerts

Virus Statistics

Malware Removal Tools

Malware Code Glossary

Submit Malware Sample

Select local site

Main Index » Security Center » Descriptions

F-Secure Vulnerability Information : Ingate Firewall and SIParator SNMP HMAC Spoofing
[Summary] \| [Detailed Description] \| [Solution] \| [CVE Reference]

SA30648

Secunia

12.06.2008

Low

Ingate Firewall 3.x
Ingate Firewall 4.x
Ingate SIParator 3.x
Ingate SIParator 4.x

Compromise From:

From local network

Compromise Type:

Exposure of sensitive information
Exposure of system information

Summary

A vulnerability in Ingate Firewall and SIParator, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.

Back to the Top

Detailed Description

A vulnerability in Ingate Firewall and SIParator, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.

For more information:
SA30574

Successful exploitation allows to read configuration and status information from the device, but requires that SNMP is enabled (not enabled by default).

NOTE: Reportedly, this can not be exploited to modify configuration settings on the device.

The vulnerability is reported in Ingate Firewall and SIParator version 3.1.0 and newer.

Back to the Top

Solution

Restrict access to the SNMP agent.

Reportedly, the vulnerability will be fixed in the next regular release (Q3/2008).

Back to the Top

CVE Reference

CVE-2008-0960

Back to the Top

F-Secure Corporation