Week in Security: SNMP Flaws Pose Security Threat


Here's a rundown of some of the events, announcements and other happenings in information security last week:

• Security flaws in SNMP (Simple Network Management Protocol) affect numerous vendors' products, including routers, switches, operating systems and network management systems, posing a threat to key Internet services, security experts at Carnegie Mellon University's CERT/CC said. SNMP allows administrators to remotely monitor and configure network devices.

The impact of the security flaws differs from product to product, but could allow intruders to launch denial-of-service attacks, interrupt service, or gain administrative control of the affected devices, CERT/CC said.

CERT/CC said network and system administrators should apply vendor patches, if available, or take other steps to protect their systems. Affected vendors include Microsoft, 3Com, Cisco Systems, Computer Associates, and Novell.

CERT/CC said it released the advisory because there has been a lot of talk about the vulnerabilities in the malicious hacker community. So far, experts said they have not found evidence that attackers have found ways to exploit the flaws.

"It's still almost an urban legend at this point," said Stuart McClure, CTO at Foundstone, a security firm specializing in vulnerability assessment. "We haven't been able to dig up anything."

• Secure Computing, maker of the Sidewinder Firewall, said it will acquire Network Associates' Gauntlet firewall/VPN business assets, including the software, the firewall E-ppliance product line, and related customer support contracts. The deal will add more than 4,000 Gauntlet customers and 100 VARs to Secure's roster.

Mark Shulstad, director of sales and marketing at Seattle-based Conjungi Networks, which sold Gauntlet firewalls, said the deal was unusual because Sidewinder and Gauntlet both are application-level firewalls. Trying to make a case for one firewall against the other in a sale would be difficult, he said.

He said a possible outcome of the deal could be a blended product. "It will be interesting to see how it shakes out," he said.

• Microsoft issued a patch for six vulnerabilities affecting Internet Explorer versions 5.01, 5.5, and 6.0. The company rated the vulnerabilities as critical, and said the most serious one could allow an attacker to run code on another user's system. The patch covers the six vulnerabilities as well as all known security flaws affecting IE 6. It is available for download at: http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp.

The patch covered a hole in IE exploited by an Internet worm that cropped up later in the week and targeted Microsoft's MSN Messenger. The worm spreads via an MSN instant message that invites users to visit a "cool" Web site, antivirus vendor Sophos said. If users click on the link, they will go to a site with malicious JavaScript that forwards the same message to everyone in the person's MSN contact list, according to Sophos.

• Counterpane, a managed security monitoring firm in Cupertino, Calif., said service contracts were up 200 percent in the fourth quarter from the previous quarter. The company credited the increase in customer acquisition to its strategy to sell its monitoring service exclusively through its channel partners. Counterpane counts more than 50 security VAR partners.

• SecureLogix, a San Antonio, Texas-based firm specializing in telecom security, closed a $10.4 million investment that included Symantec, among other investors.