CERT and Cisco Warn of IOS Flaws

DoS or arbitrary code execution possible.

By Sean Michael Kerner | Jan 26, 2007

US-CERT issued an advisory this week warning of vulnerabilities in Cisco's Internetwork Operating System (IOS). Cisco issued three advisories of its own.

Security firm Secunia has labeled the vulnerabilities highly critical. IOS is Cisco's embedded operating system that runs on Cisco routers and switches that are widely deployed on a global basis. If exploited, the vulnerabilities in IOS could potentially lead to a denial of service (DoS) attack or arbitrary code execution.

One of the flaws may have allowed an attacker to exploit IOS by way of a specially crafted IP packet. Cisco notes in its advisory that it discovered the flaw during internal testing.

A memory leak condition in how IOS handles TCP packets could also potentially have been exploited, leading to a degradation of service or a full-fledged DoS attack. According to Cisco, this vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

"Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," said US-CERT in its alert.

The third flaw reported by Cisco involves a maliciously crafted IPv6 packet that could potentially crash IOS. Cisco notes in its advisory that the flaw was initially reported by a customer and that a further trigger vector was discovered while the fix for this vulnerability was being developed.

Cisco is providing fixes to its customers for all of the reported issues.

Article courtesy of internetnews.com
