Net-SNMP Remote Authentication Bypass Vulnerability

2008.08.07
Credit: CERT
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

//Class: Design Error

//Vulnerable:
UCD-SNMP UCD-SNMP 4.2.6
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun OpenSolaris build snv_01
Sun OpenSolaris 0
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux -current
S.u.S.E. SUSE Linux Enterprise Server 10 SP2
S.u.S.E. SUSE Linux Enterprise Server 10 SP1
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. SLE SDK 10.SP1
S.u.S.E. SLE SDK 10 SP2
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Enterprise Server 9
RedHat Fedora 9 0
RedHat Fedora 8 0
RedHat Fedora 7 0
RedHat Enterprise Linux WS 5
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
Net-SNMP Net-SNMP 5.4.1
Net-SNMP Net-SNMP 5.3.2
Net-SNMP Net-SNMP 5.2.4
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Juniper Networks Session and Resource Control Appliance 2.0
Juniper Networks Session and Resource Control Appliance 1.0.1
Juniper Networks Session and Resource Control Appliance 1.0
Ingate SIParator 4.6.1
Ingate SIParator 4.6
Ingate SIParator 4.5.2
Ingate SIParator 4.5.1
Ingate SIParator 4.4.1
Ingate SIParator 4.3.4
Ingate SIParator 4.3.3
Ingate SIParator 4.3.2
Ingate SIParator 4.3.1
Ingate SIParator 4.3
Ingate SIParator 4.2.3
Ingate SIParator 4.2.2
Ingate SIParator 4.2.1
Ingate SIParator 3.3.1
Ingate SIParator 3.2.1
Ingate SIParator 3.2
Ingate SIParator 3.1
Ingate SIParator 4.4
Ingate Firewall 4.4
Ingate Firewall 4.6.1
Ingate Firewall 4.6
Ingate Firewall 4.5.2
Ingate Firewall 4.5.1
Ingate Firewall 4.4.1
Ingate Firewall 4.3.4
Ingate Firewall 4.3.3
Ingate Firewall 4.3.2
Ingate Firewall 4.3.1
Ingate Firewall 4.3
Ingate Firewall 4.2.3
Ingate Firewall 4.2.2
Ingate Firewall 4.2.1
Ingate Firewall 4.1.3
Ingate Firewall 3.3.1
Ingate Firewall 3.2.1
Ingate Firewall 3.2
Ingate Firewall 3.1
Gentoo Linux
eCosCentric eCos 0
Cisco Wireless LAN Controller Module 0
Cisco Wireless LAN Control 5.1
Cisco Wireless LAN Control 5.0
Cisco Wireless LAN Control 4.1
Cisco Wireless LAN Control 4.0
Cisco Wireless LAN Control 3.2
Cisco NX-OS 0
Cisco MDS 9000
Cisco IOS XR
Cisco IOS 0
Cisco CatOS
Cisco Application Control Engine (ACE) Module 0
Cisco ACE XML Gateway 0
Cisco ACE Appliance 0
Avaya Interactive Response 3.0
Avaya Interactive Response 2.0
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5

//Not Vulnerable:
Net-SNMP Net-SNMP 5.4.1.1
Net-SNMP Net-SNMP 5.3.2.1
Net-SNMP Net-SNMP 5.2.4.1
Apple Mac OS X Server 10.5.4
Apple Mac OS X 10.5.4

//Details: Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error. Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application. Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable.

//Exploit: http://www.securityfocus.com/data/vulnerabilities/exploits/29623.zip

//GreetZ: to all My friends & M-A-H T3am :>

