Cisco squishes bug trio
PrintSOS for IOS
Posted in Data Networking, 25th January 2007 12:03 GMT
Free whitepaper – Comparison of Static and Rotary UPS
Cisco released three security advisories on Wednesday designed to fix multiple vulnerabilities in its core Internetwork Operating System Software (IOS).
Worst of the trio is a "Crafted IP Option" vulnerability that creates a potential means for hackers to load hostile code onto a range of Cisco routers and switches running IOS. Attacks would have worked by sending certain ICMP, PIMv2, PGM or URD packets with a specific IP option set to a Cisco device, thereby causing the hardware to either crash or load in such a way that arbitrary code is executed. The flaw applies to most of the code base of IOS 12.0, 12.1 and 12.2.
The second vulnerability means that malformed TCP Packets can tie up the memory of vulnerable devices eventually causing them to crash. The third flaw also involves a denial of service risk, triggered by a packet containing crafted IPv6 Type 0 Routing headers.
Cisco Security Advisories and vulnerability notes provided information on patching and possible workarounds to address the flaws. Sys admins are strongly advised to review these detailed bulletins. More easily-digestible information is available in summaries from the Internet Storm Centre (here) and US CERT (here).®
What Exchange can't do - and Dell can
Enabling The Agile Data Center
Seven ways to lower storage costs
Thermal design of the Dell PowerEdge T610, R610, and R710 servers
Ensuring high service levels in cloud computing
Imation notebook flash upgrade as easy as pi to 30 places
Wrecking CRU: hackers cause massive climate data breach
Apple voids warranties over cigarette smoke, users say
O/S bloat: What's the cure?