Slashdot Mirror


Major Flaw Found In Cisco IOS Devices

Joff_NZ writes "CERT has released an advisory regarding a serious flaw in all Cisco routers and switches which run IOS and process IPv4 packets (i.e. pretty much everything), which causes the device to stop processing inbound packets, and so: 'The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention.' There are apparently no known exploits (yet), and Cisco have this advisory with a workaround and available fixes."

4 of 266 comments

  1. Re:Yikes... by Grizzletooth · Score: 5, Informative

    No, the advisory states that non-contract customers can send an email to tac@cisco.com and get access to a "free upgrade".

  2. Re:Whoa, very interesting!! by MrMickS · Score: 4, Informative

    Cisco Cable Modems run a version of IOS. However, they have private IP addresses on the cable side and pass through the DHCP requests that your device(s) make to the provider's DHCP server. Unless your cable provider's network has been compromised, I doubt that this is related to your problem.

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
  3. Just got this from Internap: by flirzan · Score: 5, Informative

    To all Internap customers:

    Cisco Systems has released to the public notification of a vulnerability
    in many versions of Cisco IOS which can create a Denial of Service on an
    affected router. The details of the advisory can be viewed at the
    following link:

    http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

    No exploits which target this vulnerability have yet been identified.

    Prior to the public notification, Cisco had contacted their major NSP
    customers including Internap to inform us of this vulnerability. Internap
    has identified IOS versions with the appropriate fix for the platforms in
    our network and scheduled upgrades to our routers. Customers will receive
    notification shortly of the window in which the routers you are homed to
    will be upgraded. Due to the severity of this vulnerability these
    upgrades are being performed as emergency maintenance.

    Customers with questions about the possible impact of this vulnerability on
    their own equipment are urged to read the notice at the link above or to
    contact Cisco directly.

    --
    Twinkies sure taste good for something that is 68% air.
  4. Re:Yet... by Anonymous Coward · Score: 5, Informative

    OK folks, here's how it works. A specially crafted packet is sent to an interface on a router. This packet takes up space in the queue on the interface. Once a few of these packets fill up that queue, no more traffic is able to pass through the interface. You won't see high utilization on the CPU; it'll just throw 'em away. It's important to understand that the packet has to be directed to the interface on the router, not just merely passing through it. After the queue fills up (around 4k, I'm thinking) the only way to empty it is to reload, if I'm reading correctly.

    From what I can tell, the large backbones got the notice a few days ago. Some lower tier players received it yesterday. And public disclosure is supposed to happen tonight around 21:00 EDT or so. However, several major internet players all of a sudden performing emergency maintenance was a bit obvious. Especially when companies known to employ lots of Juniper didn't seem to do much. Well, guess it wasn't that OBVIOUS, but... net-eng people are worse than a small town knitting group.
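The behaviour described in the story summary and in comment 4 (crafted packets addressed to the router pin input-queue buffers that are only released by a reload, while transit traffic and CPU load look normal) is shown below as an added example. This is not code from the Slashdot thread or from Cisco's advisory; it is a toy model of the queue plus a small checker for the visible symptom, an interface whose `Input queue: size/max/drops/flushes` counter in `show interfaces` output sits at or above its maximum. The queue depth of 75 is the IOS default input hold-queue, the packet content is deliberately not modelled, and the `show interfaces` text is constructed, not captured from a real device.

```python
# Added example, not code from the Slashdot thread or from Cisco: a toy model
# of the wedged interface input queue described above, plus a small checker for
# the symptom in "show interfaces" output. Queue depth 75 is the IOS default
# input hold-queue; the sample output below is constructed, not captured.
import re
from dataclasses import dataclass


@dataclass
class InputQueue:
    """Toy model of one interface's input queue."""
    max_size: int = 75
    held: int = 0        # buffers pinned by packets that are never dequeued
    processed: int = 0   # packets that went through the queue normally
    dropped: int = 0     # packets refused because the queue was full

    def receive(self, to_router: bool, crafted: bool) -> bool:
        """Offer one packet to the interface; True if it was queued."""
        if self.held >= self.max_size:
            self.dropped += 1          # queue full: everything is discarded
            return False
        if to_router and crafted:
            # The flaw: a crafted packet addressed to the router itself is
            # queued but never dequeued, so its slot stays occupied.
            self.held += 1
        else:
            # Transit traffic, and ordinary traffic to the router, is
            # processed and its slot released again.
            self.processed += 1
        return True

    def reload(self) -> None:
        """Only a reload clears the pinned buffers."""
        self.held = 0


def simulate_wedge(max_size: int = 75, crafted: int = 75,
                   normal_after: int = 10) -> InputQueue:
    """Send `crafted` bad packets at the router, then `normal_after` transit ones."""
    q = InputQueue(max_size=max_size)
    for _ in range(crafted):
        q.receive(to_router=True, crafted=True)
    for _ in range(normal_after):
        q.receive(to_router=False, crafted=False)
    return q


# Interface header line and the input-queue counter line of IOS
# "show interfaces"; the counter reads size/max/drops/flushes.
IFACE_RE = re.compile(r"^(?P<iface>\S+) is (?:up|down|administratively down)\b")
QUEUE_RE = re.compile(
    r"^\s*Input queue: (?P<size>\d+)/(?P<max>\d+)/(?P<drops>\d+)/(?P<flushes>\d+)")


def find_wedged_interfaces(show_interfaces: str) -> list:
    """Return (interface, size, max) for every input queue at or over its limit."""
    wedged = []
    iface = None
    for line in show_interfaces.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group("iface")
            continue
        m = QUEUE_RE.match(line)
        if m and iface is not None:
            size, limit = int(m.group("size")), int(m.group("max"))
            if size >= limit:
                wedged.append((iface, size, limit))
    return wedged


# Constructed sample: one healthy interface, one whose queue has filled.
SAMPLE_SHOW_INTERFACES = """\
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0000.0c12.3456 (bia 0000.0c12.3456)
  Internet address is 192.0.2.1/24
  Input queue: 75/75/312/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 0 bits/sec, 0 packets/sec
Serial0/0 is up, line protocol is up
  Internet address is 198.51.100.1/30
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""


if __name__ == "__main__":
    q = simulate_wedge()
    print(f"held={q.held} processed={q.processed} dropped={q.dropped}")
    for iface, size, limit in find_wedged_interfaces(SAMPLE_SHOW_INTERFACES):
        print(f"{iface}: input queue {size}/{limit} full, reload needed")
```

Running the model with the defaults pins all 75 buffers and then drops every subsequent transit packet with the processed counter still at zero, which is why the comment's "no high CPU, it just throws 'em away" is the expected look of an affected box. The checker is the kind of thing to run across collected `show interfaces` output from many routers at once; a queue sitting at its maximum with a rising drop counter and no matching traffic is the symptom the advisory's reload instruction addresses.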