As previously reported, routers, PCs and other devices could be shut down or cut off from the Internet in some cases, said Martin Lindner, team leader for incident handling at the Computer Emergency Response Team (CERT) Coordination Center. CERT is a major clearinghouse for security-related information on the Internet, located at Carnegie Mellon University.
"In the extreme case, you could exploit a buffer overflow to take control of the device," Lindner said.
The problems are caused by security holes in the Simple Network Management Protocol, or SNMP, a basic language used to talk to routers, switches, printers and other managed network devices to allow engineers to glean status and performance information.
In an advisory, CERT warned that the flaws could be used to attack those basic components of the Internet. The advisory includes a list of nearly 50 companies whose products are vulnerable to the flaws, including Microsoft, Cisco Systems and Hewlett-Packard. CERT representatives said they had notified more than 200 companies about the holes.
"It is a very prevalent protocol," Lindner said. "It's used everywhere."
The flaws were found last year by the Oulu University Secure Programming Group (OUSPG) at Oulu University in Finland, Lindner said. The group informed the CERT Coordination Center about the holes last summer, and the watchdog has been working since then to warn network-hardware makers of the problems.
Recently, several rumours have started circulating around the Internet about the flaw, and CERT officials--worried the rumours would spur hackers to look more closely at SNMP--rushed the release of an advisory.
Engineers typically use the Simple Network Management Protocol to centrally manage the various devices connected to one another via the same network.
"SNMP and basic pinging of devices are the two things network engineers rely on to gauge the basic health of their network," said David Dittrich, a senior security engineer at the University of Washington.
Routers and switches--the hardware devices responsible for directing data around office networks and the Internet--are the most common devices with functions that use SNMP. But any remotely managed device is likely to have the software onboard, Dittrich said, including PCs and printers.
"Using SNMP, a printer can tell you if it's out of paper," Dittrich said.
Although many network-hardware makers have patched the software for their devices, CERT's Lindner believes that the majority of network devices currently connected to the Internet are vulnerable.











