Net-SNMP Remote Authentication Bypass Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052572 漏洞类型
发布时间 2008-08-07 更新时间 2008-08-07
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008080024
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
//Class: Design Error 
//Vulnerable: 

UCD-SNMP UCD-SNMP 4.2.6
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun OpenSolaris build snv_01
Sun OpenSolaris 0
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux -current
S.u.S.E. SUSE Linux Enterprise Server 10 SP2
S.u.S.E. SUSE Linux Enterprise Server 10 SP1
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. SLE SDK 10.SP1
S.u.S.E. SLE SDK 10 SP2
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Enterprise Server 9
RedHat Fedora 9 0
RedHat Fedora 8 0
RedHat Fedora 7 0
RedHat Enterprise Linux WS 5
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
Net-SNMP Net-SNMP 5.4.1
Net-SNMP Net-SNMP 5.3.2
Net-SNMP Net-SNMP 5.2.4
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Juniper Networks Session and Resource Control Appliance 2.0
Juniper Networks Session and Resource Control Appliance 1.0.1
Juniper Networks Session and Resource Control Appliance 1.0
Ingate SIParator 4.6.1
Ingate SIParator 4.6
Ingate SIParator 4.5.2
Ingate SIParator 4.5.1
Ingate SIParator 4.4.1
Ingate SIParator 4.3.4
Ingate SIParator 4.3.3
Ingate SIParator 4.3.2
Ingate SIParator 4.3.1
Ingate SIParator 4.3
Ingate SIParator 4.2.3
Ingate SIParator 4.2.2
Ingate SIParator 4.2.1
Ingate SIParator 3.3.1
Ingate SIParator 3.2.1
Ingate SIParator 3.2
Ingate SIParator 3.1
Ingate SIParator 4.4
Ingate Firewalll 4.4
Ingate Firewall 4.6.1
Ingate Firewall 4.6
Ingate Firewall 4.5.2
Ingate Firewall 4.5.1
Ingate Firewall 4.4.1
Ingate Firewall 4.3.4
Ingate Firewall 4.3.3
Ingate Firewall 4.3.2
Ingate Firewall 4.3.1
Ingate Firewall 4.3
Ingate Firewall 4.2 .3
Ingate Firewall 4.2 .2
Ingate Firewall 4.2 .1
Ingate Firewall 4.1.3
Ingate Firewall 3.3.1
Ingate Firewall 3.2.1
Ingate Firewall 3.2
Ingate Firewall 3.1
Gentoo Linux
eCosCentric eCos 0
Cisco Wireless LAN Controller Module 0
Cisco Wireless LAN Control 5.1
Cisco Wireless LAN Control 5.0
Cisco Wireless LAN Control 4.1
Cisco Wireless LAN Control 4.0
Cisco Wireless LAN Control 3.2
Cisco NX-OS 0
Cisco MDS 9000
Cisco IOS XR
Cisco IOS 0
Cisco CatOS
Cisco Application Control Engine (ACE) Module 0
Cisco ACE XML Gateway 0
Cisco ACE Appliance 0
Avaya Interactive Response 3.0
Avaya Interactive Response 2.0
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5
Not Vulnerable: 	Net-SNMP Net-SNMP 5.4.1 1
Net-SNMP Net-SNMP 5.3.2 1
Net-SNMP Net-SNMP 5.2.4 1
Apple Mac OS X Server 10.5.4
Apple Mac OS X 10.5.4

//Details : Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error.

Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application.

Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable.

//Exploit : http://www.securityfocus.com/data/vulnerabilities/exploits/29623.zip

//GreetZ : to all My friends & M-A-H T3am :>