Feeds

Cisco squishes bug trio

SOS for IOS

5 things you didn’t know about cloud backup

Cisco released three security advisories on Wednesday designed to fix multiple vulnerabilities in its core Internetwork Operating System Software (IOS).

Worst of the trio is a "Crafted IP Option" vulnerability that creates a potential means for hackers to load hostile code onto a range of Cisco routers and switches running IOS. Attacks would have worked by sending certain ICMP, PIMv2, PGM or URD packets with a specific IP option set to a Cisco device, thereby causing the hardware to either crash or load in such a way that arbitrary code is executed. The flaw applies to most of the code base of IOS 12.0, 12.1 and 12.2.

The second vulnerability means that malformed TCP Packets can tie up the memory of vulnerable devices eventually causing them to crash. The third flaw also involves a denial of service risk, triggered by a packet containing crafted IPv6 Type 0 Routing headers.

Cisco Security Advisories and vulnerability notes provided information on patching and possible workarounds to address the flaws. Sys admins are strongly advised to review these detailed bulletins. More easily-digestible information is available in summaries from the Internet Storm Centre (here) and US CERT (here).®

Build a business case: developing custom apps

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.