Cisco has warned users of a flaw in its IOS software which might be used by hackers to bypass security restrictions and run hostile code on network devices. The vulnerability reportedly affects all Cisco products that run Cisco IOS software, including routers and a limited range of switches that don't run CatOS.
The security flap stems from a heap-based buffer overflow security bug involving internal operating system timers. This might be exploited in conjunction with some other heap-based buffer overflow vulnerability to run hostile code on vulnerable systems.
In a statement, Cisco said it had not received any reports about active exploitation of the vulnerability. It explained that the security flaw was related to security bugs outlined in a presentation by security researcher Michael Lynn at Black Hat in July. This presentation became a cause celebre in the security research community after Cisco controversially obtained a restraining order to suppress publication of Lynn's findings.
View: Cisco Security Advisory
News source: The Register
When contacted for input on the issue, a Mozilla spokesperson said that with 35 languages across 3 supported platforms (Windows, Linux, and Mac) the list of bugs suspected and reported via the Bugzilla reporting and tracking tool can sometimes be massive. The spokesperson went on to state that while the Bugzilla lists can often be overwhelming, a significant number of submitted reports oftentimes just don’t contain enough information to be of assistance when it comes to tracking down a particular problem. As I witnessed myself, there are pages of comments on this bug alone, and many of them contain no technical information to assist the developers, but merely contain frustrated comments such as “this was broke back in version x.xx and it’s still broken, when will it be fixed.” While it is understandable that posts like that are submitted by users who are, at the time, frustrated with the situation, it is also true that they provide no value whatsoever to the bug tracking process. The Mozilla spokesperson also stated that of those issues reported, first priority has and will always be security issues, and then issues that are more widespread and have the potential to disrupt the usefulness of the product to the most users, which is understandable.
In the end, this bug has existed for quite some time, and Mozilla is aware of it. However, it only rears its ugly head twice a year, at the change to and from Daylight Savings Time, and coupled with the fact that not everyone observes Daylight Savings Time, it just doesn’t get enough attention from the end user to warrant investing a lot of time and resources into fixing, at least not in the current release of the software. The Mozilla spokesperson did say that v1.5 is due out in this quarter, which is rapidly drawing to a close, and that Release Candidate 1 would be released very soon. With so many changes in this new version including some significant security enhancements such as anti-phishing protection, the spokesperson said that it is possible that this issue may become a non-issue once v1.5 is released. Will it be fixed in v1.5? We’ll keep you posted.

testing ios upgrade here on a few before promoting ..
I'm guessing it is but one should never assume.
The flaw was the ability to run code remotely on IOS but it requires another hole in order to deliver the content. The point is, the underlying layer of security in IOS was flawed, even if there are no known upper layer problems, this lower layer issue was just waiting for a new avenue.
Keep in mind not all buffer overflows and such cause code execution, but they can if the code they pass actually gets executed and in the case of Cisco, they always will until this hole is fixed.
Oh n0Es!
Yes it was, and it only took good ole Cisco 12+ months to fix it. The guy now works for Juniper.