SNMP flaw is serious, fix isn't easy

Edward Hurley, Assistant News Editor


Flaws in a popular network protocol may leave devices from desktops to routers open to an Internet attack.

FOR MORE INFORMATION

CERT advisory

Information about the vulnerabilities in SNMPv1 request handling (including vendor information)

Information about the vulnerabilities in SNMPv1 trap handling (including vendor information)

Security flaws in Simple Network Management Protocol (SNMP) could allow attackers to gain control of systems or take down networks, according to the Computer Emergency Response Team (CERT) at Pittsburgh-based Carnegie Mellon University. SNMP allows users to remotely communicate with devices on a network. Everything from servers to routers to printers uses the protocol.

"In security, being able to gain user privileges is about as bad as it gets," said Dennis Treece, director of ISS's X-Force Special Operations Group. "The ability to make a network crash is also as bad as it gets."

The Oulu University Secure Programming Group (OUSPG) in Finland found the vulnerabilities in version 1 of SNMP. The group notified CERT of the flaws last year. Since then, CERT has been working with vendors to address the vulnerabilities. So far, no reports of the vulnerabilities being exploited have surfaced.

Products from more than 200 vendors may contain the flaws. CERT reports the vulnerabilities in products from Microsoft, Hewlett-Packard, Cisco Systems, Novell, 3Com and others. Some vendors have patches ready, but others are still working on them (see box for a link to information about patches).

SNMP was released in the late '80s, when security wasn't a major concern and neither, really, was the Internet, Treece said. "But the house was built on a foundation of sponges," he said.

SNMPv1 still works very well, Treece said. In fact, 95% of devices still use it. SNMPv3 is more secure, but upgrading to it is a time-consuming and difficult process, Treece said.

CERT suggests disabling SNMP if it is not needed. Filtering ports 161/udp and 162/udp can also help minimize the chances that the vulnerabilities will be exploited, CERT suggests.

Treece suggests users check with their vendors to make sure they didn't use any additional ports that may need to be blocked. Restricting external SNMP requests is another way to minimize exploitation.
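As an added illustration (not part of the original article or of CERT's advisory), the following sketch audits a host for SNMP listeners that are reachable from the network, which is the exposure that disabling SNMP or filtering 161/udp and 162/udp is meant to remove. It assumes Linux `ss -H -lun` output; the sample lines are constructed, and the `extra_ports` parameter and port 1993 used with it are hypothetical stand-ins for any additional vendor-specific port.

```python
import ipaddress

# The two UDP ports named in the article: 161 (requests) and 162 (traps).
SNMP_PORTS = {161: "snmp requests", 162: "snmp traps"}

# Constructed sample of `ss -H -lun` output (not captured from a real host).
SAMPLE_SS = """\
UNCONN 0 0 0.0.0.0:161 0.0.0.0:*
UNCONN 0 0 127.0.0.1:162 0.0.0.0:*
UNCONN 0 0 192.0.2.10:1993 0.0.0.0:*
UNCONN 0 0 [::]:161 [::]:*
UNCONN 0 0 [::1]:323 [::]:*
UNCONN 0 0 *:68 *:*
"""

def split_endpoint(endpoint):
    """Split ss 'addr:port', handling [v6]:port, '*' and interface scopes (%eth0)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.split("%")[0].strip("[]"), port

def is_loopback(addr):
    """True only for loopback addresses; '*' and unparsable values count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def exposed_snmp_listeners(ss_output, extra_ports=()):
    """Return (address, port, role) for each SNMP UDP listener not bound to loopback."""
    ports = dict(SNMP_PORTS)
    ports.update({p: "vendor-specific" for p in extra_ports})  # hypothetical extra ports
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "UNCONN":
            continue  # skip headers and anything that is not a listening UDP socket
        addr, port = split_endpoint(fields[3])
        if not port.isdigit():
            continue
        if int(port) in ports and not is_loopback(addr):
            findings.append((addr, int(port), ports[int(port)]))
    return findings

if __name__ == "__main__":
    for addr, port, role in exposed_snmp_listeners(SAMPLE_SS, extra_ports=(1993,)):
        print(f"{addr}:{port}/udp ({role}) is reachable from the network")
```

A host with no findings either has SNMP disabled or has it bound to loopback only; filtering at the network perimeter still needs to be checked separately.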

In the long term, shops should consider upgrading to SNMPv3, but that won't be easy, Treece said. "It's like having to upgrade all your systems from Windows 95 to Windows XP right now," he said.

