CERT reveals security flaws

February 18, 2002
by John Davin
Science & Technology Editor, The Tartan


Last week, Carnegie Mellon's CERT Coordination Center (formerly known as the Computer Emergency Response Team) released a security alert announcing major flaws in a commonly used network protocol, the Simple Network Management Protocol (SNMP). SNMP is used worldwide to monitor and configure network devices. Many organizations rely on SNMP within their networks, and telecommunications companies such as Cisco Systems and Lucent Technologies use SNMP to control their network products.

The CERT advisory revealed that many implementations of the SNMP protocol have vulnerabilities that could allow attackers to launch denial-of-service attacks and possibly even gain control of a system. Certain SNMP implementations are vulnerable to buffer overflow attacks, which could allow an attacker to gain complete control over a system. The vulnerabilities are not in the SNMP protocol; rather, they exist in the ways that the protocol was implemented by different vendors, said Ian Finlay, an Internet security analyst at CERT.

The Oulu University Secure Programming Group, in Finland, initially discovered some of these problems in mid-2001 and contacted CERT, which conducted tests to further identify systems affected by the vulnerabilities. The group contacted over 50 companies that were likely to be affected by the flaws, and many of the companies have released product patches to correct the errors.

The vulnerabilities in SNMP implementations are particularly problematic because SNMP is used by so many organizations and in many different types of software and hardware systems, all of which will require different fixes. The SNMP protocol is "pervasively deployed," said Finlay in regard to the widespread use of SNMP.

CERT recommends that network administrators, and even home users with SNMP programs installed on their computers, immediately install patches offered by vendors of the affected products.