SNMP Security Flaw
Results 1 to 3 of 3

Thread: SNMP Security Flaw

  1. #1
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783

    Exclamation SNMP Security Flaw

    SNMP Security Flaw Threatens Network Infrastructure

    By Steven Bonisteel, Newsbytes
    PITTSBURGH, PENNSYLVANIA, U.S.A.,
    12 Feb 2002, 5:11 PM CST


    Network administrators are being urged to fix - or at least shield from attackers - a veritable laundry-list of Internet-connected equipment that may be vulnerable because of flaws in software that helps control them. The CERT Coordination Center of Carnegie Mellon University's Software Engineering Institute said the problem might allow malicious hackers to snarl equipment ranging from routers and switches at the heart of the Internet to the high-speed modems that deliver Net access to cable and digital subscriber line (DSL) customers.

    CERT said the problem is so widespread because it is rooted in the Simple Network Management Protocol (SNMP) that is widely used for remote management of such devices.

    The experts said that the vulnerabilities - which can be found in SNMP code imbedded in firmware and in software applications - could open important infrastructure to denial of service attacks. Some combinations of equipment and vulnerable SNMP code - like a computer workstation - might be susceptible to hijacking.

    The CERT bulletin said that researchers at Finland's Oulu University Secure Programming Group (OUSPG) found related SNMP vulnerabilities in equipment from a variety of vendors. A number of other vendors have since reported similar problems, and many have released patches.

    But Chris Rouland, director of the X-Force research team at Internet Security Systems in Atlanta, said applications and pieces of networking equipment have yet to be tested. What's more, he said, many are unlikely to be tested or fixed because vendors no longer support the products or have gone out of business.

    "It's a huge problem," he said. "This is more serious than Code Red. This is probably an eight or a nine on a scale of one to 10."

    Rouland said Code Red, the fast-spreading worm that cut a wide swath through Internet-connected Windows Web servers last year, was a highly successful attack on a fairly simple vulnerability in certain software from Microsoft Corp. He said the SNMP problem is dramatically more complex and could lead to more dire consequences if administrators don't act to shore up their systems.

    Ironically, the Windows Web sever bugs that allowed Code Red to spread, and worms like Nimda after it, were well known to many network administrators and had been fixed by Microsoft before malicious individuals exploited them.

    Rouland said the enormity of the SNMP problem is partly defined by the long list of vendors whose equipment may be vulnerable because of it.

    "We've never seen a single vulnerability that affected over 100 vendors," he said. "It just did not exist. This is new."

    While SNMP is widely used in devices on internal corporate LANs, in manufacturing and processing systems, networked medical imaging equipment, and even consumer electronic devices, Rouland said the a top priority for most administrators will be securing SNMP equipment that is connected to the public Internet.

    The larger and more distributed a company's network is, the more likely it is to be managing that equipment with the help of SNMP, he said.

    Rouland said a prototype tool has already been built by the researchers in order to demonstrate the possibility of SNMP holes being exploited by hackers on a wide scale.

    In certain instances, he said, a hacker might be able to disable multiple devices on a single Internet subnet - say, an entire neighborhood of cable-mode users - with a single SNMP-busting command.

    CERT said network administrators should move quickly to ensure that network firewalls are filtering out unauthorized SNMP data traffic. Additionally, SNMP services on equipment for which patches are not yet available should be disabled if possible.

    More information for CERT is available at http://www.cert.org/advisories/CA-2002-03.html .

    OUSPG's findings are at http://www.ee.oulu.fi/research/ouspg...ng/c06/snmpv1/ .

    Reported by Newsbytes.com, http://www.newsbytes.com .
    Hey, xy's college finally made the news! lol.
    "Never give in-never, never, never, in nothing great or small, large or petty, never give in to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy!" - Winston Churchill

  2. #2
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783
    Sorry Guys. . . . I just realized that this has already been posted. Please accept my appologies for reposting the same information.

    BTW. . . To whoever left the -points with the message:

    it's old ****ing news, there have been thread alerady 2day on this
    Im sorry. But next time PM me instead of giving -points. I didnt see the other freaking post. Everyone makes mistakes in their lifetime.
    "Never give in-never, never, never, in nothing great or small, large or petty, never give in to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy!" - Winston Churchill

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    You are forgiven, just don't let it happen again! ;-) j/k
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •