SNMP security flaw ‘threatens Internet stability’

13 February 2002 Serious security flaws in one of the key underlying technologies of the Internet could threaten the very stability of the web, security specialists have warned.

The Computer Emergency Response Team (CERT) has issued a dramatic advisory note about the apparent instability of the simple network management protocol (SNMP), a widely-deployed technology used to monitor and manage the flow of data through routers and switches.

Software flaws inadvertently included in popular implementations of SNMP could allow unauthorised privileged access, denial-of-service (DoS) attacks or cause unstable behaviour, says CERT.

The clearing house listed 47 vendors that make products affected by the flaw. This list includes Microsoft, Sun Microsystems, Cisco Systems, 3Com, Nortel Networks, Hewlett-Packard, Lucent Technologies, Juniper Networks, Marconi and Computer Associates.

Network engineers and systems administrators were urged to test any device that is centrally-managed using SNMP.

The problems are thought to affect Internet service providers the most. Such companies often use thousands of routers and switches that are managed centrally. The flaws were first discovered in early 2001 by programmers at Oulo University in Finland.

Infoconomy news:
Security flaws found in Oracle 9i database (7 February 2002)

Other links:
CERT advisories

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics