Secure? Not! Management Protocol

— 11:29 PM on February 12, 2002

Here's a rather alarming story at regarding a new type of security vulnerability. The catch? This one affects many devices with SNMP support. And as you may have guessed, that is a lot of devices.

According to the advisory, affected devices may respond to attacks in a number of ways, from crashing outright to giving the attacker admin-level access to allowing denial-of-service attacks. The article states that almost fifty companies, "including Microsoft, Sun Microsystems, Cisco Systems, 3Com, Nortel Networks and Hewlett-Packard," have affected products. But those are just the ones whose responses to the issue were included with the CERT advisory; the actual number could approach 250.

So what types of devices are at risk? Everything from hubs, switches and routers to operating systems and printers. But wait, there's more!

Among the surprises on the list: Networked medical equipment, such as imaging units and oscilloscopes, some uninterruptible power supplies, and digital cameras may also be at risk.

The whole thing was apparently discovered about five months ago, and CERT managed to keep it remarkably quiet until a large telecom meeting last week. After that, word started to leak, so CERT decided to issue the advisory before the hacker community caught wind of it.

A CERT spokesman quoted in the article thinks that "the majority of network devices connected to the Internet are vulnerable." Without knowing specifics, it's difficult to estimate the possible impact of this, but it doesn't sound good. Unfortunately the information leak forced CERT to rush the advisory out before all the manufacturers had finished writing their patches. Assuming that the manufacturers found out the same time that CERT did, is the fact that they're not done patching yet indicative of the scope of the issue, or the sloth of the manufacturers? Here's hoping the patch writers are just lazy.

Even if the manufacturers get the patches finished and released, it's up to the owners of the equipment to see that they're applied. To that, I have two words for you: Code Red. If people couldn't be bothered to type "" to patch a web server with a cushy GUI, what are the odds that routers and switches (that typically require TFTP) are going to get the treatment? Be afraid, be very afraid.
