Users brace for system admin attacks

Users face a major risk using Internet-based management software based on SNMP, the simple network management protocol used in system management software

CERT/CC, the federally funded computer security body (the Computer Emergency Response Team/Coordination Center), identified a number of issues with SNMP version 1.0. The flaws, it stated, could allow attackers to stage denial of service attacks, take over systems and threaten the Internet.

Information about the vulnerabilities has already begun to surface in attacker communities. CERT/CC advised administrators to act quickly by applying available patches.

The vulnerabilities were first discovered by the Secure Programming Group of Finland's Oulu University. The team at Oulu found multiple vulnerabilities in the way SNMP version one is implemented in many vendors' products. The vulnerabilities involve the way in which SNMP implementations handle warning and error messages, along with requests.
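As an added illustration, not code from the article or from any vendor's SNMP stack, the following strict BER walker validates an SNMPv1 datagram (RFC 1157: SEQUENCE of version, community and a context-tagged PDU) before decoding any field. It shows one property a decoder needs when it receives requests and traps from untrusted senders: every length field is checked against the bytes actually present, so a datagram whose nested lengths do not fit is refused instead of over-read. Both sample datagrams are constructed for this example.

```python
class MalformedSNMP(ValueError): """Raised instead of over-reading when a length does not fit."""
def read_tlv(buf, pos, end):  # -> (tag, value_start, value_end, next_pos); every bound checked first
    if pos + 2 > end:
        raise MalformedSNMP("truncated header at offset %d" % pos)
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F  # n == 0 would be indefinite length, which SNMP forbids
        if n == 0 or n > 4 or pos + n > end:
            raise MalformedSNMP("bad long-form length at offset %d" % pos)
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > end:
        raise MalformedSNMP("length %d exceeds the %d bytes present" % (length, end - pos))
    return tag, pos, pos + length, pos + length
def walk(buf, start, end):  # recursively check that each constructed element is filled exactly by its children
    pos = start
    while pos < end:
        tag, vstart, vend, pos = read_tlv(buf, pos, end)
        if tag & 0x20:  # constructed: SEQUENCE, or a context-tagged PDU such as Trap
            walk(buf, vstart, vend)
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap"}
def parse_snmpv1(buf):  # validate the whole datagram, then return version, community and PDU type
    tag, vstart, vend, nxt = read_tlv(buf, 0, len(buf))
    if tag != 0x30 or nxt != len(buf):
        raise MalformedSNMP("outer SEQUENCE must span exactly the datagram")
    walk(buf, vstart, vend)  # no field is decoded until every nested length is known to fit
    tag, s, e, pos = read_tlv(buf, vstart, vend)
    if tag != 0x02 or e - s != 1 or buf[s] != 0:
        raise MalformedSNMP("version must be INTEGER 0 (SNMPv1)")
    tag, s, e, pos = read_tlv(buf, pos, vend)
    if tag != 0x04:
        raise MalformedSNMP("community must be an OCTET STRING")
    community = buf[s:e].decode("ascii", "replace")
    tag, s, e, pos = read_tlv(buf, pos, vend)
    if (tag & 0xE0) != 0xA0 or pos != vend:
        raise MalformedSNMP("PDU must be context-tagged and the last element")
    return {"version": 1, "community": community, "pdu": PDU_TYPES.get(tag, "unknown")}
def verdict(buf):  # "ok" for a well-formed datagram, otherwise the reason it was refused
    try:
        parse_snmpv1(buf)
        return "ok"
    except MalformedSNMP as exc:
        return str(exc)
# Constructed sample: GetRequest for sysDescr.0, community "public" (40 bytes).
GOOD = bytes.fromhex("302602010004067075626c6963a019020101020100020100300e300c06082b060102010101000500")
# Constructed malformed variant: the VarBind SEQUENCE at offset 27 claims 127 bytes that are not there.
BAD = GOOD[:27] + b"\x7f" + GOOD[28:]
```

A decoder that trusted the inner length in BAD would read past the end of the datagram; this one reports the mismatch before touching any field, and a truncated datagram is caught at the outer SEQUENCE.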

The CERT/CC alert stated that the flaws in the products are particularly serious because "many of the affected products provide key services to the Internet infrastructure. Large-scale outages of these devices could disable significant portions of the global network."

CERT/CC's Marty Lindner, the team leader handling this security issue, said an automated attack tool could be written to take advantage of the flaws.

SNMP is a protocol used by many suppliers to enable network and systems administrators to remotely monitor and configure any number of network devices, including routers, switches and operating systems.

SNMP "is very, very widely used," according to Russ Cooper, an IT expert who heads up security firm TruSecure. "It's used in most corporations and certainly in all ISPs (Internet service providers)."

Vendors whose products are affected include Avaya Inc., 3Com Corp., Caldera Systems Inc., Cisco Systems Inc., Compaq Computer Corp., Computer Associates International Inc., Hewlett-Packard Co., Juniper Networks Inc., Lotus Software Group, Lucent Technologies Inc., Microsoft Corp., Netscape Communications Corp., Nokia Corp., Novell Inc., Silicon Graphics Inc. and Sun Microsystems Inc. Different vendors have responded to the vulnerabilities in different ways, with many of them already offering patches, though some have not, according to the alert.

Though some vendors have issued fixes, the challenge to network administrators may still be great, according to CERT/CC's alert. Administrators will need to apply patches and make changes to many different kinds of devices throughout their networks, changes which may not be easy to make, the organization said.

TruSecure, Cooper's company, obtained a copy of the suite of tests created by the Oulu team from contacts in the "black hat," or malicious, underground. He said that this indicated that potential attackers already have knowledge of the vulnerabilities and may be working on attack tools. As these attacks generally take a long time to run, users may not see an immediate threat, Cooper explained.