Flaws In SNMP Pose Threat To Net

Multiple vulnerabilities in SNMP (Simple Network Management Protocol) affect many vendors' products, including routers, switches, operating systems and network management systems, CERT/CC said in an advisory. SNMP allows administrators to remotely monitor and configure network devices.

The impact of the security flaws differs from product to product, but it could enable intruders to launch denial-of-service attacks, interrupt service or gain administrative control of the affected devices, according to CERT/CC. The vulnerabilities were discovered by the Oulu University Secure Programming Group at Oulu University in Finland.

A CERT/CC spokesman said the center is investigating possible claims that the flaws have been exploited. CERT/CC recommends that network and systems administrators apply vendor patches, if available. Not all vendors have released patches yet.

The center provides other steps administrators can take in its advisory, which is available at http://www.cert.org/advisories/CA-2002-03.html.