Feeds

Cisco ships six fixes for DoS bugs

Happy Thursday, sysadmins

Reducing the cost and complexity of web vulnerability management

Sysadmins can get themselves ready for a busy Cisco “patch Thursday”, after the Borg lobbed six patches out the door to deal with a range of denial-of-service (DoS) vulnerabilities in IOS.

The vulnerabilities – see here for a single list – are all scored a CVS base score better than 7 as being remotely exploitable without authentication. Most boil down to how various bits of IOS handle (or don't handle) malformed packets.

Taking them one-by-one:

  • SIP DoS in IOS – Some SIP messages, even though they'd be considered “well-formed”, can trigger a device reload. IOS XE Software release 3.10.0S and 3.10.1S are affected and a fix is available.
  • Key exchange module – the Internet Key Exchange module, IKEv2, can be crashed with a malformed packet. Customers are advised to upgrade to a non-vulnerable version of IOS XE.
  • IOS NAT – Malformed DNS packets can crash the NAT in various IOS versions. Fixed versions are available.
  • IOS SSL VPNs – the SSL subsystem in IOS is vulnerable to crafted HTML requests “designed to consume memory to an affected device”. Various IOS 15.1, 15.2, 15.3 and 15.4 releases are affected, with fixes available.
  • IOS and IOS XE IPv6 stack – can be crashed with crafted IPv6 packets, with fixes available.
  • 7600 Switch Processor with 10 Gbps Ethernet uplinks – crafted IP packets can crash the Kailash FPGA in versions prior to 2.6, with fixes available.

Happy network patch day, network admins!®

Choosing a cloud hosting partner with confidence

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.