Feeds

Cisco squishes bug trio

SOS for IOS

Beginner's guide to SSL certificates

Cisco released three security advisories on Wednesday designed to fix multiple vulnerabilities in its core Internetwork Operating System Software (IOS).

Worst of the trio is a "Crafted IP Option" vulnerability that creates a potential means for hackers to load hostile code onto a range of Cisco routers and switches running IOS. Attacks would have worked by sending certain ICMP, PIMv2, PGM or URD packets with a specific IP option set to a Cisco device, thereby causing the hardware to either crash or load in such a way that arbitrary code is executed. The flaw applies to most of the code base of IOS 12.0, 12.1 and 12.2.

The second vulnerability means that malformed TCP Packets can tie up the memory of vulnerable devices eventually causing them to crash. The third flaw also involves a denial of service risk, triggered by a packet containing crafted IPv6 Type 0 Routing headers.

Cisco Security Advisories and vulnerability notes provided information on patching and possible workarounds to address the flaws. Sys admins are strongly advised to review these detailed bulletins. More easily-digestible information is available in summaries from the Internet Storm Centre (here) and US CERT (here).®

Security for virtualized datacentres

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
AWS pulls desktop-as-a-service from the PC
Support for PCoIP protocol means zero clients can run cloudy desktops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.