Bug ID 716140: Information in snmpd.conf files may be overwritten causing SNMP v3 queries to recieve 'Unsupported security level' errors

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.0.0,, 16.0.1,,

Opened: Apr 20, 2018

Severity: 3-Major


During daemon startup, the snmpd daemon zeroes out sensitive data in the snmpd.conf files. This is done so that passwords are not available to be read on disk. This can cause problems when other daemons using the net-snmp shared libraries access snmpd.conf files for data that they need during startup. If you have 'zeroed out' data under /config/net-snmp/snmpd.conf, the system reports 'Unsupported security level' errors in response to SNMP v3 query, for example: snmpget -v 3 -u testuser -a SHA -A "testuser" -x AES -X "testuser" -l authPriv localhost sysSystemUptime.0 snmpget: Unsupported security level (Sub-id not found: (top) -> sysSystemUptime)


Daemons usually start in an orderly fashion and usually do not conflict with each other. However, it is possible that they might fail to load correctly due to the zeroing out of data. For example this can cause SNMP v3 access errors for users with 'zeroed out' data under /config/net-snmp/snmpd.conf: snmpget -v 3 -u testuser -a SHA -A "testuser" -x AES -X "f5testuser" -l authPriv localhost sysSystemUptime.0. snmpget: Unsupported security level (Sub-id not found: (top) -> sysSystemUptime).


Custom SNMP v3 users created and exist in /config/net-snmp/snmpd.conf 'zeroed out' data: Example from /config/net-snmp/snmpd.conf where user 'testuser' has some data that is 'zeroed out' (0x 0x): usmUser 1 3 0x80001f88808047605278d46d5b "testuser" "testuser" NULL . 0x . 0x 0x


Use tmsh to configure SNMP users.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips