SNMP and Potential ASN.1 Vulnerabilities

Earlier this year a number of vulnerabilities in the Simple Network Management Protocol (SNMP) were publicized by the University of Oulu Secure Programming Group. This paper briefly describes the SNMP protocol, with emphasis on the underlying ASN.1 notation, discusses the vulnerabilities identified by Oulu and demonstrates the Oulu Protos SNMP testing tool. A number of protocols critical to the secure use of the Internet, such as SSL/TLS, S/MIME, Kerberos, LDAP and H.323 also rely on ASN.1 and the potential for further, more serious and less easily addressed vulnerabilities within such protocols is also discussed. These protocols are considered to be potentially at risk and it is noted that a large scale, successful attack on a protocol such as SSL/TLS would damage the credibility of the Internet as a secure place to do business and would discourage a large number of corporations who currently see the Internet as a core part of their business strategy. On the evidence currently available it seems that the underlying ASN.1 standard itself is not primarily at fault. Rather the ASN.1 encoders and decoders do not seem to handle malformed encodings robustly. It would be expected that this may allow such vulnerabilities to be successfully addressed, hopefully before large scale attacks can be launched.