SNMP flaw is serious, fix isn't easy

Edward Hurley, Assistant News Editor


Flaws in a popular network protocol may leave devices from desktops to routers open to an Internet attack.

FOR MORE INFORMATION
CERT advisory

Information about the vulnerabilities in SNMPv1 request handling (including vendor information)

Information about the vulnerabilities in SNMPv1 trap handling (including vendor information)

Security flaws in Simple Network Management Protocol (SNMP) could allow attackers to gain control of systems or take down networks, according to the Computer Emergency Response Team (CERT) at Pittsburgh-based Carnegie Mellon University. SNMP allows users to remotely communicate with devices on a network. Everything from servers to routers to printers uses the protocol.

"In security, being able to gain user privileges is about as bad as it gets," said Dennis Treece, director of ISS's X-Force Special Operations Group. "The ability to make a network crash is also as bad as it gets."

The Oulu University Secure Programming Group (OUSPG) in Finland found the vulnerabilities in version 1 of SNMP. The group notified CERT of the flaws last year. Since then, CERT has been working with vendors to address the vulnerabilities. So far, no reports of the vulnerabilities being exploited have surfaced.

Products from more than 200 vendors may contain the flaws. CERT reports the vulnerabilities in products from Microsoft, Hewlett-Packard, Cisco Systems, Novell, 3Com and others. Some vendors have patches ready but others are still working on them (see box for a link to information about patches).

SNMP was released in the late '80s, so security wasn't a major concern, and neither really was the Internet, Treece said. "But the house was built on a foundation of sponges," he said.

SNMPv1 still works very well, Treece said. In fact, 95% of devices still use it. SNMPv3 is more secure, but upgrading to it is a time-consuming and difficult process, Treece said.

CERT suggests disabling SNMP if not needed. Filtering ports 161/udp and 162/udp can help minimize the chances that the vulnerabilities will be exploited, CERT suggests.

Treece suggests users check with their vendors to make sure they didn't use any additional ports that may need to be blocked. Restricting external SNMP requests is another way to minimize exploitation.
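One way to check that the filtering described above is actually holding is to triage captured UDP traffic for SNMP that arrives from outside and to note which protocol version each message declares. The following is an added example, not code from the article or from CERT; the internal address ranges, the record format and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: internal address space for this example; adjust for your network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SNMP_PORTS = {161: "request", 162: "trap"}           # the ports CERT says to filter
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}  # header version field values

def read_len(buf, i):
    """Decode a BER length at buf[i]; return (length, next_index)."""
    if i >= len(buf):
        raise ValueError("truncated")
    if buf[i] < 0x80:                                # short form
        return buf[i], i + 1
    n = buf[i] & 0x7F                                # long form: n length bytes follow
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("bad length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def snmp_version(payload):
    """Return the version named in an SNMP message header, or None if malformed."""
    try:
        if payload[:1] != b"\x30":                   # outer SEQUENCE tag
            return None
        total, i = read_len(payload, 1)
        if i + total > len(payload) or payload[i:i + 1] != b"\x02":  # INTEGER tag
            return None
        vlen, i = read_len(payload, i + 1)
        if vlen != 1 or i >= len(payload):
            return None
        return VERSIONS.get(payload[i])
    except ValueError:
        return None

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL)

def triage(records):
    """List (src, dst, kind, version) for SNMP sent from outside to internal hosts."""
    return [(src, dst, SNMP_PORTS[dport], snmp_version(payload) or "unparseable")
            for src, dst, dport, payload in records
            if dport in SNMP_PORTS and is_internal(dst) and not is_internal(src)]

# Constructed sample: SNMPv1 GetRequest (community "public") and its v2c twin,
# in hypothetical (src, dst, dst_port, udp_payload) capture records.
V1_GET = bytes.fromhex("302602010004067075626c6963a01902010102010002010030"
                       "0e300c06082b060102010101000500")
V2C_GET = V1_GET[:4] + b"\x01" + V1_GET[5:]
SAMPLE = [("203.0.113.7", "10.1.2.3", 161, V1_GET),
          ("10.1.2.9", "10.1.2.3", 161, V1_GET),
          ("198.51.100.4", "192.168.0.5", 162, V2C_GET),
          ("203.0.113.7", "10.1.2.3", 161, b"\x30\x82")]
```

Any row returned by `triage(SAMPLE)` is SNMP that got past the border filter; rows reported as SNMPv1 or unparseable are the ones to follow up with the device vendor first.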

In the long term, shops should consider upgrading to SNMPv3, but that won't be easy, Treece said. "It's like having to upgrade all your systems from Windows 95 to Windows XP right now," he said.

