CERT RENATER Advisories

Date: Wed, 24 Oct 2012 17:29:06 +0200
Type: VULN
Subject: CERT-Renater : 2012/VULN426 (US-CERT : HP/H3C and Huawei networking equipment h3c-user snmp vulnerability)
===================================================================
                             CERT-Renater

                  Information Note No. 2012/VULN426
____________________________________________________________________

DATE                :  24/10/2012

HARDWARE PLATFORM(S): HP/H3C networking equipment,
                        Huawei networking equipment.

OPERATING SYSTEM(S) : HP/H3C networking equipment firmware,
                      Huawei networking equipment firmware.

======================================================================
http://www.kb.cert.org/vuls/id/225404
______________________________________________________________________

Vulnerability Note VU#225404
HP/H3C and Huawei networking equipment h3c-user snmp vulnerability

Original Release date: 24 Oct 2012 | Last revised: 24 Oct 2012


Overview

HP/H3C and Huawei networking equipment contains a vulnerability which
could allow an attacker to access administrative functions of the
device using Simple Network Management Protocol (SNMP) requests.


Description

According to the researcher's report:

    "HP/H3C and Huawei networking equipment suffers from a serious
weakness in regards to their handling of Systems Network Management
Protocol (SNMP) requests for protected h3c-user.mib and hh3c-user.mib
objects.

    Details
    Huawei/H3C have two OIDs, 'old' and 'new':

    old: 1.3.6.1.4.1.2011.10
    new: 1.3.6.1.4.1.25506

    Most devices support both formats.

    The MIBs h3c-user.mib and hh3c-user.mib, for the purpose of this
document, will be referred to as (h)h3c-user.mib. This MIB defines the
internal table and objects to "Manage configuration and Monitor running
state for userlog feature."

    This means there are some cool objects with data in this MIB
penetration testers or malicious actors would want to get their dirty
little hands on. Most objects are only accessible with the read/write
community string.

    In the revision history of (h)h3c-user.mib, version 2.0 modified
the MAX-ACCESS from read-only to read-create for the following objects
within the (h)h3cUserInfoEntry sequence:

    (h)h3cUserName
    (h)h3cUserPassword
    (h)h3cAuthMode
    (h)h3cUserLevel

    The purpose of these objects is to provide the locally configured
users to those with a valid SNMP community. After the change only those
with the read-write community string should have access, however this
was not the case and the code still retained the earlier access of
read-only.

    So if you have the SNMP public community string then you have the
ability to view these entries."


Additional information can be found in the researcher's report.
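
One way to watch for the access pattern the report describes, as an added example that is not part of the advisory or the researcher's report: a minimal BER decoder that flags community-based SNMP (v1/v2c) messages whose variable bindings fall under the two enterprise OIDs listed above. The function names, the alert tuple and the sample datagram are constructed for illustration; legitimate monitoring also queries these subtrees, so matches have to be compared against the expected management hosts.

```python
# Added example (not from the advisory): flag SNMPv1/v2c traffic under the H3C/Huawei subtrees.
WATCHED = {"old": (1, 3, 6, 1, 4, 1, 2011, 10), "new": (1, 3, 6, 1, 4, 1, 25506)}  # OIDs from the report
VERSIONS = {0: "v1", 1: "v2c"}                      # community-based SNMP versions
PDUS = {0xA0: "get", 0xA1: "getnext", 0xA2: "response", 0xA5: "getbulk"}
# Constructed datagram: v2c GetNextRequest, community "public", OID 1.3.6.1.4.1.25506
SAMPLE = bytes.fromhex("30 26 02 01 01 04 06 70 75 62 6c 69 63 a1 19 02 01 01 02 01 00"
                       " 02 01 00 30 0e 30 0c 06 08 2b 06 01 04 01 81 c7 22 05 00")

def tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn BER OID content octets into a tuple of arcs."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                         # high bit clear ends the current arc
            arcs.append(value)
            value = 0
    return tuple(arcs)

def inspect(datagram):
    """Return (version, pdu, community, subtree, oid) alerts for one UDP/161 payload."""
    _, msg, _ = tlv(datagram, 0)                    # outer SEQUENCE
    _, ver, pos = tlv(msg, 0)                       # INTEGER version
    _, community, pos = tlv(msg, pos)               # OCTET STRING community
    pdu_tag, pdu, _ = tlv(msg, pos)
    version = int.from_bytes(ver, "big")
    if version not in VERSIONS or pdu_tag not in PDUS:
        return []                                   # SNMPv3 or a PDU type not examined here
    pos = 0
    for _ in range(3):                              # request-id and the two integers after it
        _, _, pos = tlv(pdu, pos)
    _, varbinds, _ = tlv(pdu, pos)                  # SEQUENCE OF VarBind
    alerts, pos = [], 0
    while pos < len(varbinds):
        _, varbind, pos = tlv(varbinds, pos)
        oid = decode_oid(tlv(varbind, 0)[1])        # first element of each VarBind is the OID
        for name, prefix in WATCHED.items():
            if oid[:len(prefix)] == prefix:
                alerts.append((VERSIONS[version], PDUS[pdu_tag], community.decode("latin-1"),
                               name, ".".join(map(str, oid))))
    return alerts
```

Malformed payloads raise `ValueError` or `IndexError`, which a caller reading from a capture should catch per datagram.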


Impact

A remote unauthenticated attacker can access administrative functions
of the device using Simple Network Management Protocol (SNMP) requests.


Solution

Update

HP: Customers are advised to check HP's SSRT100962 support document for
instructions.

Huawei: We are currently unaware of a practical solution to this
problem.

According to the researcher's report:

    "By itself this is already bad but most users who do any of the
following may already be protected:

    Use complex SNMP community strings or disable SNMPv1
    Have disabled the mib entries for (h)h3c-user
    Block SNMP using access controls or firewalls
    Do not define local users, use RADIUS or TACACS+

    More specific routines can be found in the vendor's release."
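
The four conditions in the researcher's list can be checked against exported device configurations. The script below is an added example, not code from the advisory, the researcher or the vendors; it assumes Comware-style `snmp-agent`, `mib-view` and `local-user` configuration lines, and the two sample configurations and the finding names are constructed.

```python
import re

# Added example, not from the advisory. Comware-style syntax is an assumption and
# both configurations are constructed samples.
EXPOSED = """\
snmp-agent sys-info version all
snmp-agent community read public
snmp-agent community write constructed-rw-string acl 2001
local-user admin
 authorization-attribute level 3
"""
HARDENED = """\
snmp-agent sys-info version v2c v3
snmp-agent mib-view included mgmt iso
snmp-agent mib-view excluded mgmt hh3cUserInfoEntry
snmp-agent community read constructed-ro-string acl 2001 mib-view mgmt
radius scheme campus
"""
DEFAULT_COMMUNITIES = {"public", "private"}

def audit(config):
    """Return finding IDs, one per mitigation from the report that the config lacks."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Views carrying an 'excluded' rule for the (h)h3c-user objects
    guarded = set()
    for ln in lines:
        m = re.match(r"snmp-agent mib-view excluded (\S+) (\S+)", ln)
        if m and "h3cuser" in m.group(2).lower():
            guarded.add(m.group(1))
    findings = set()
    for ln in lines:
        m = re.match(r"snmp-agent sys-info version (.+)", ln)
        if m and {"all", "v1"} & set(m.group(1).split()):
            findings.add("snmpv1-enabled")
        m = re.match(r"snmp-agent community (?:read|write) (\S+)(.*)", ln)
        if m:
            name, opts = m.groups()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.add("default-community")
            if not re.search(r"\bacl \d+", opts):
                findings.add("community-without-acl")
            view = re.search(r"\bmib-view (\S+)", opts)
            if not view or view.group(1) not in guarded:
                findings.add("user-mib-not-excluded")
        if re.match(r"local-user \S+", ln):
            findings.add("local-users-defined")
    return findings
```

The community check only recognises the default names; judging whether a non-default string is complex enough is left to local policy.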


Vendor Information

Vendor                    Status     Date Notified   Date Updated
Hewlett-Packard Company   Affected   06 Aug 2012     24 Oct 2012
Huawei Technologies       Affected   -               24 Oct 2012
3com Inc                  Unknown    06 Aug 2012     06 Aug 2012


CVSS Metrics

Group           Score   Vector
Base            9.3     AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal        7.7     E:F/RL:OF/RC:C
Environmental   7.7     CDP:MH/TD:H/CR:ND/IR:ND/AR:ND


References


http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html

https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03515685&ac.admitted51086123601.876444892.492883150


Credit

Thanks to Kurt Grutzmacher for reporting this vulnerability.

This document was written by Michael Orlando.


Other Information

    CVE IDs: CVE-2012-3268
    Date Public: 23 Oct 2012
    Date First Published: 24 Oct 2012
    Date Last Updated: 24 Oct 2012
    Document Revision: 12



======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
