Cisco Routers Affected by Security Problems

Cisco is warning of three vulnerabilities within its Internet Operating System software; the company has published workarounds and issued an updated version of the software. A denial-of-service attack, running arbitrary code and a device having to reload its OS are all possible on an affected switch router. The latter means a secondary, sustained DOS condition could be caused since packets won't go through the device. "Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," CERT said.

The three problems are:

  • TCP packet problem: A memory leak in certain versions of IOS could lead to a DOS attack, according to an advisory from the U.S. Computer Emergency Readiness Team.
  • IPv6 router header vulnerability: IOS can fail to properly process IPv6 (Internet Protocol version 6) packets with specially crafted routing heads, which could allow a DOS attack or the running of arbitrary code. IPv6 is a set of specifications that enables more IP addresses to be available on the Internet.
  • Crafted IP option vulnerability: This is a bug concerning how IOS processes IPv4 packets with a specially crafted IP option, CERT said. It could also enable a DOS attack or the running of arbitrary code.
News source: PC World

Report a problem with article
Previous Story

Researchers Build Memory Chip The Size Of A Blood Cell

Next Story

Overhaul of Google Video, Plans for YouTube

1 Comments

Commenting is disabled on this article.

And routers were supposed to be secure. Ah well, everything has its little niggles, and hopefully it will be fixed soon.