Feeds

Serious network security holes surface

Black day for BOFHs

  • alert
  • submit to reddit

New hybrid storage solutions

A slew of security vulnerabilities in implementations of SNMP (Simple Network Management Protocol) may allow unauthorised privileged access, denial-of-service attacks, or cause unstable behaviour, security clearing house CERT has warned.

SNMP is a widely-deployed protocol commonly used to monitor and manage network devices. The scary thing about the alert is that more 47 vendors are listed, most of whom report that their kit is affected by the problem to a greater or lesser extent.

Cisco, Computer Associates, Hewlett-Packard, Juniper, Lucent, Marconi, and Microsoft, to name just a few, have issued patches to correct various SNMP implementation flaws. Others, like Nortel, are still evaluating the issue, though some report that their products are not affected.

For system admins, evaluating what needs to be done is going to be a nightmare. This is a black day for BOFHs and the question has to be asked why such a potentially serious set of problems which, if CERT is to be believed, could threaten the stability of the Internet, haven't come to light earlier.

The vulnerabilities were discovered by the Secure Programming Group of Finland's Oulu University, and involve the way which SNMPv1 agents and managers handle requests and trap messages, according to CERT.

Filtering SNMP services and other measures have been suggested as a workaround, and a careful review of the patches available has been urged.

To that we'd add the advice, don't panic. We're at the early stage of what may be a serious infrastructure problem, or an alarmist alert, and it's too early to say which yet -- but not to soon to bring it to people's attention. ®

Related Stories

The SNMP fiasco: steps you need to take
CERT alert - Multiple Vulnerabilities in Many Implementations of SNMP

The next step in data security

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.