Basic network flaw threatens Net's users

Software bugs in a fundamental language of the Internet--the Simple Network Management Protocol--could leave routers, switches and even PCs open to attack.

Robert Lemos Staff Writer, CNET News.com
Software bugs in a fundamental language of the Internet could leave routers, switches and even PCs open to attack, an Internet security watchdog said Tuesday.

The problems affect the Simple Network Management Protocol, or SNMP, a basic language used to talk to routers, switches, printers and other managed network devices to allow network engineers to glean status and performance information.

Products from more than 200 makers of Internet-connected hardware are affected by the flaw, said Martin Lindner, team leader for incident handling at the Computer Emergency Response Team (CERT) Coordination Center, a major Internet security watchdog.

"It is a very prevalent protocol," Lindner said. "It's used everywhere."

The software vulnerabilities could be exploited to varying effect, Lindner added. In some cases, PCs, routers and other devices could be shut down or cut off from the Internet. "In the extreme case, you could exploit a buffer overflow to take control of the device," Lindner said.

The flaws were found last year by a project group at the University of Oulu in Finland, said Lindner. The group informed the CERT Coordination Center last summer, and the watchdog has been working since then to inform network hardware makers of the problems.

Recently, several rumors have started circulating around the Internet about the flaw, and CERT/CC officials--worried that the rumors would spur hackers to look more closely at SNMP--are rushing the release of an advisory.

CERT plans to release an advisory at 10 a.m. PST on Tuesday outlining the problems and various companies' responses.