Ingate Firewall and SIParator affected by SNMPv3 vulnerability
Wed, 11 Jun 2008 16:16:57 +0200
Product: Ingate Firewall and SIParator
Versions: version 3.1.0 and newer
Tracking ID: 3854
A vulnerability has been found in the SNMP implementation. By using a
specially crafted SNMP version 3 packet, an attacker can effectively
bypass the authentication of net-snmp.
By default, SNMP is disabled. Only units where the SNMP subsystem has
been enabled and uses SNMPv3 are vulnerable to this issue. All
related SNMP settings are available in the GUI on the tab Basic
Settings - SNMP.
An attacker can read configuration and status information from the
Due to the way net-snmp is configured on the Ingate Firewall and
SIParator this vulnerability cannot be used to modify settings.
The problem can be mitigated by using the "Servers allowed to contact
the firewall via SNMP" setting, so that it is restricted to the IP
address(es) of your management station(s). This setting can restrict
access to a set of IP addresses and/or via a certain physical
The SNMP agent listens to a configurable interface on the Ingate
Firewall and SIParator. If a non-routable IP address is used,
attackers from the Internet cannot reach the SNMP agent.
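One way to check the two mitigations above (source restriction and a non-routable listen address) against a unit's settings, as an added example that is not part of Ingate's advisory. The function names, the input shape (values transcribed by hand from the GUI) and all addresses are assumptions constructed for illustration; IPv4 only.

```python
import ipaddress

# RFC 1918 private, loopback and link-local ranges: not routed on the Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_non_routable(addr):
    """True if addr falls inside one of the NON_ROUTABLE ranges."""
    return any(addr in net for net in NON_ROUTABLE)


def audit_snmp_exposure(listen_addr, allowed_sources, mgmt_stations):
    """Return a list of findings for hand-transcribed SNMP settings.

    listen_addr     -- address the SNMP agent listens on
    allowed_sources -- entries of the allowed-servers setting (IP or CIDR)
    mgmt_stations   -- addresses of the actual management stations
    """
    findings = []
    listen = ipaddress.ip_address(listen_addr)
    if not is_non_routable(listen):
        findings.append(f"listen address {listen} is not in a non-routable range")

    stations = sorted({ipaddress.ip_address(s) for s in mgmt_stations})
    nets = [ipaddress.ip_network(s, strict=False) for s in allowed_sources]
    for net in nets:
        # Every address in an allowed entry that is not a known station
        # is an extra host able to query the agent.
        extra = net.num_addresses - sum(1 for s in stations if s in net)
        if extra > 0:
            findings.append(f"{net} admits {extra} address(es) that are not management stations")
    for s in stations:
        if not any(s in net for net in nets):
            findings.append(f"management station {s} is missing from the allowed list")
    return findings


if __name__ == "__main__":
    # Constructed sample settings; 203.0.113.5 is a documentation address
    # standing in for a public one.
    weak = audit_snmp_exposure("203.0.113.5", ["192.168.10.0/24"], ["192.168.10.20"])
    tight = audit_snmp_exposure("192.168.10.1", ["192.168.10.20"], ["192.168.10.20"])
    for label, result in (("weak", weak), ("tight", tight)):
        print(label, result or "no findings")
```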
It is also possible to turn off the SNMP agent, if you consider the
potential information leak to be more serious than the loss of
Ingate currently plans to solve this issue in the next regular
release, due in Q3 2008.
CVE Name: CVE-2008-0960
More information about this vulnerability is available from US-CERT at
Further updates on this issue will be sent to our mailing list
Further questions regarding this issue can be directed to