Cert warns of web meltdown

The Computer Emergency Response Team (Cert) has warned that numerous security holes in the Simple Network Management Protocol (SNMP) could shut down or cut off routers, PCs and other devices from the internet. It has already notified more than 200 manufacturers about the flaws.

Caldera, 3Com, Cisco Systems, Compaq, Hewlett Packard, IBM, Juniper Networks, Sun Microsystems, Microsoft, Lucent, Nokia and Network Associates are among the vendors that have either reported or are working on fixes for software flaws that could leave the web's basic infrastructure in danger of disruption.

The vulnerabilities involve the way in which SNMP implementations, which enable network administrators to remotely monitor and configure routers, switches, operating systems and network management systems, handle warning and error messages and requests.

If exploited, the vulnerabilities could allow attackers to disable the networked devices, cause denial of service interruptions to websites and even gain administrative control over the devices, according to Cert.

The flaws were first discovered by the Secure Programming Group at Finland's Oulu University. The team found multiple vulnerabilities in the way SNMP version one is implemented in many vendors' products.

Cert said that hundreds of vendors use the internet protocol found to be at risk and recommended that administrators disable SNMP on any machine that does not need it for normal operations.

"Large scale outages of these devices could disable significant portions of the global network," Cert said in its alert.

The group also warned that the problem is most serious for internet service providers which use routers to manage the flow of messages across computer networks and the web.

More information about the vulnerabilities is available at www.cert.org/advisories/CA-2002-03.html.