Flaws In SNMP Pose Threat To Net


Security flaws in a popular protocol used to manage network devices could make a slew of products that provide key Internet services vulnerable to attack, security experts at the CERT Coordination Center (CERT/CC) here said on Tuesday.

Multiple vulnerabilities in SNMP (Simple Network Management Protocol) affect many vendors' products, including routers, switches, operating systems and network management systems, CERT/CC said in an advisory. SNMP allows administrators to remotely monitor and configure network devices.

The impact of the security flaws differs from product to product, but it could enable intruders to launch denial-of-service attacks, interrupt service or gain administrative control of the affected devices, according to CERT/CC. The vulnerabilities were discovered by the Oulu University Secure Programming Group at Oulu University in Finland.

A CERT/CC spokesman said the center is investigating possible claims that the flaws have been exploited. CERT/CC recommends that network and systems administrators apply vendor patches, if available. Not all vendors have released patches yet.

The center provides other steps administrators can take in its advisory, which is available at http://www.cert.org/advisories/CA-2002-03.html.