Feeds

Cisco ships six fixes for DoS bugs

Happy Thursday, sysadmins

Next gen security for virtualised datacentres

Sysadmins can get themselves ready for a busy Cisco “patch Thursday”, after the Borg lobbed six patches out the door to deal with a range of denial-of-service (DoS) vulnerabilities in IOS.

The vulnerabilities – see here for a single list – are all scored a CVS base score better than 7 as being remotely exploitable without authentication. Most boil down to how various bits of IOS handle (or don't handle) malformed packets.

Taking them one-by-one:

  • SIP DoS in IOS – Some SIP messages, even though they'd be considered “well-formed”, can trigger a device reload. IOS XE Software release 3.10.0S and 3.10.1S are affected and a fix is available.
  • Key exchange module – the Internet Key Exchange module, IKEv2, can be crashed with a malformed packet. Customers are advised to upgrade to a non-vulnerable version of IOS XE.
  • IOS NAT – Malformed DNS packets can crash the NAT in various IOS versions. Fixed versions are available.
  • IOS SSL VPNs – the SSL subsystem in IOS is vulnerable to crafted HTML requests “designed to consume memory to an affected device”. Various IOS 15.1, 15.2, 15.3 and 15.4 releases are affected, with fixes available.
  • IOS and IOS XE IPv6 stack – can be crashed with crafted IPv6 packets, with fixes available.
  • 7600 Switch Processor with 10 Gbps Ethernet uplinks – crafted IP packets can crash the Kailash FPGA in versions prior to 2.6, with fixes available.

Happy network patch day, network admins!®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Oracle reveals 32-core, 10 BEEELLION-transistor SPARC M7
New chip scales to 1024 cores, 8192 threads 64 TB RAM, at speeds over 3.6GHz
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
Object storage bods Exablox: RAID is dead, baby. RAID is dead
Bring your own disks to its object appliances
Nimble's latest mutants GORGE themselves on unlucky forerunners
Crossing Sandy Bridges without stopping for breath
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?