Select local site

F-Secure Vulnerability Information :
Ingate Firewall and SIParator SNMP HMAC Spoofing

[Summary] | [Detailed Description] | [Solution] | [CVE Reference]

Report ID:SA30648
Source:Secunia
Date of Discovery:12.06.2008
Criticality:Low
Affects:

Ingate Firewall 3.x
Ingate Firewall 4.x
Ingate SIParator 3.x
Ingate SIParator 4.x

Compromise From:From local network
Compromise Type:Exposure of sensitive information
Exposure of system information
Summary

A vulnerability in Ingate Firewall and SIParator, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.

Back to the Top

Detailed Description

A vulnerability in Ingate Firewall and SIParator, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.

For more information:
SA30574

Successful exploitation allows to read configuration and status information from the device, but requires that SNMP is enabled (not enabled by default).

NOTE: Reportedly, this can not be exploited to modify configuration settings on the device.

The vulnerability is reported in Ingate Firewall and SIParator version 3.1.0 and newer.

Back to the Top

Solution

Restrict access to the SNMP agent.

Reportedly, the vulnerability will be fixed in the next regular release (Q3/2008).

Back to the Top

CVE Reference
CVE-2008-0960
Back to the Top

F-Secure Corporation