Cisco warns on router bug
In brief Cisco yesterday warned of a bug in its routing software that could be exploited in denial of service attacks. The network giant has issued a software patch for its Internetwork Operating System (IOS) software to defend against exploitation.
The vuln stems from a flaw in processing Open Shortest Path First (OSPF) protocol traffic - a malformed OSPF packet can crash affected devices. Exploiting this requires detailed technical knowledge of routing protocols and is only possible if the OSPF routing protocol has been enabled. The protocol is turned off by default.
Only routers running IOS release 12.0S, 12.2, and 12.3 are vulnerable. Cisco has released a software update and detailed workarounds as detailed in an advisory here. ®