Feeds

Cisco squishes bug trio

SOS for IOS

Internet Security Threat Report 2014

Cisco released three security advisories on Wednesday designed to fix multiple vulnerabilities in its core Internetwork Operating System Software (IOS).

Worst of the trio is a "Crafted IP Option" vulnerability that creates a potential means for hackers to load hostile code onto a range of Cisco routers and switches running IOS. Attacks would have worked by sending certain ICMP, PIMv2, PGM or URD packets with a specific IP option set to a Cisco device, thereby causing the hardware to either crash or load in such a way that arbitrary code is executed. The flaw applies to most of the code base of IOS 12.0, 12.1 and 12.2.

The second vulnerability means that malformed TCP Packets can tie up the memory of vulnerable devices eventually causing them to crash. The third flaw also involves a denial of service risk, triggered by a packet containing crafted IPv6 Type 0 Routing headers.

Cisco Security Advisories and vulnerability notes provided information on patching and possible workarounds to address the flaws. Sys admins are strongly advised to review these detailed bulletins. More easily-digestible information is available in summaries from the Internet Storm Centre (here) and US CERT (here).®

Beginner's guide to SSL certificates

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.