A glaring example of this was the SNMP (Simple Network Management Protocol) vulnerability announced in February of 2002. Students at Oulu University in Finland actually discovered the flaws in the summer of 2001 while working on the PROTOS project, a test suite designed to test SNMPv1 (version 1). Some vulnerabilities are dubbed zero-day exploit vulnerabilities by the media, but the question is: zero day by whose calendar? Often the vendor and key technology providers are aware of a vulnerability weeks or even months before an exploit is created or before the vulnerability is disclosed publicly.
Called either Day Zero or Zero-Day, it is an exploit that takes advantage of a security vulnerability on the same day that the vulnerability becomes publicly or generally known. Zero-Day exploits are usually posted by well-known hacker groups. Software companies may issue a security bulletin or advisory when the exploit becomes known, but companies may not be able to offer a patch to fix the vulnerability for some time after.
SNMP is a simple protocol for devices to talk to each other. It is used for device-to-device communication and for remote monitoring and configuration of network devices by administrators. SNMP is present in network hardware (routers, switches, hubs, etc.), printers, copiers, fax machines, high-end computerized medical equipment and in almost every operating system.
After discovering that they could crash or disable devices using their PROTOS test suite, the students at Oulu University discreetly notified the powers that be and the word went out to the vendors. Everyone sat on that information and kept it secret until it was somehow leaked to the world that the PROTOS test suite itself, which was freely and publicly available, could be used as the exploit code to bring down SNMP devices. Only then did the vendors and the world scramble to create and release patches to address the situation.