Multiple exploit tools circulating in the hacker community could be used to expose a known vulnerability in SNMP and launch denial of service (DoS) attacks or take over network devices, according to AusCert.
AusCert (Australian Computer Emergency Response Team) said it has received reports that a range of exploit tools have been developed and are in circulation in the hacker community that could be used to expose a known security flaw in the Simple Network Management Protocol, version 1 (SNMPv1).
"At this stage, we do not have any reports of attacks that we can confirm as related to the SNMP vulnerabilities issue," Graham Ingram, general manager of AusCert, said. "We do not yet have a clear picture of what some of these tools do."
They could be scanners able to locate vulnerable systems and devices, tools to probe vulnerable systems and devices to see how they respond, or attack tools, according to AusCert.
Last week, AusCert, along with CERT bodies worldwide, issued a warning that a vulnerability has been discovered in SNMP, a protocol that is implemented on a wide range of hardware and software systems, including network equipment that carries Internet traffic.
The exploitation of this flaw could allow an attacker to mount a DoS attack or gain administrative control of a system or device.
This has serious implications if the device is a critical network device such as a router, firewall or switch, or a business-critical system such as a Web, mail or database server.
"While we are waiting -- perhaps hours, days or weeks -- we are hoping that system owners and administrators are busily talking to their vendors and fixing their systems, [and implementing] patches, fixes and workarounds," Ingram said.
But it's a matter of beating the clock and not all systems will be protected in the short term.
Large networks and systems will prove difficult to patch due to the complexity and the high number of devices and systems attached.
"With larger network providers, the time it takes to patch the network can range from days to weeks to months."
Also, in the case of systems running on older equipment, Ingram warned that administrators may find it unlikely that vendors will ever get around to producing a patch or a workaround.
According to Ingram, the worst case scenario is the development of an automated exploit tool, such as a worm like Code Red, that, once released, scans and uses network connections to seek new vulnerable machines to infect.