Major Flaw Found In Cisco IOS Devices

← Back to Stories (view on slashdot.org)

Major Flaw Found In Cisco IOS Devices

Posted by simoniker on Wednesday July 16, 2003 @05:52PM from the uh-oh-spaghettios dept.

Joff_NZ writes "CERT has released an advisory regarding a serious flaw in all Cisco routers and switches which run IOS and process IPv4 packets (i.e. pretty much everything), which causes the device to stop processing inbound packets, and so: 'The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention.' There are apparently no known exploits (yet), and Cisco have this advisory with a workaround and available fixes."

7 of 266 comments (clear)

Min score:

Reason:

Sort:

Yet... by jerw134 · 2003-07-16 17:54 · Score: 5, Insightful

There are apparently no known exploits (yet)

I say we start a pool on how long yet will actually be, now that CERT released the info.
1. Re:Yet... by jamesh · 2003-07-16 17:59 · Score: 3, Insightful
  
  I couldn't glean from the article exactly what packet would cause the failure. The ACL that was given as a workaround permitted typical protocols (eg tcp, udp, icmp, etc) and blocked the rest. Presumably somewhere in 'the rest' lies the exploit but it's a big space to search.
Re:Disclosure of vulnerabilities by eskimoboy · 2003-07-16 18:20 · Score: 5, Insightful

Sometimes, it's in the best interest of the public to have vulnerability information released directly when it is found out. It opens up the ability for hackers to create exploits before the manufacturers have a chance to find a way to stop it. Sure, releasing information on vulnerabilities for open source projects right away is usually a good idea, but that's due to the fact that with an open source project, the public has the ability to come up with a patch. In cases like these, perhaps it is best for the public to be left out until a proper solution or workaround has been developed by the vendors.
At least it won't worm. by Valar · 2003-07-16 18:24 · Score: 5, Insightful

At least it only freezes the device. If you could make it send the same packet to some of it's router buddies, then freeze, this could get real bad, real fast.

--

====
Crudely Drawn Games
Yes it is by forged · 2003-07-16 20:13 · Score: 5, Insightful

Actually, the proposed workaround works very well (it wouldn't be a workaround otherwise).
Don't misunderstand traffic going THROUGH the router with traffic directed TO the router. You probably want to control the latter because as a good netadmin you should know that this is good practise.
No Exploits? by grimani · 2003-07-16 22:13 · Score: 4, Insightful

What does "no exploits" mean?

No script kiddy tool for it yet?
Nobody's used it yet to take down routers?

Because the security advisory sure sounds like it's discovered an "exploit" on Cisco IOS routers to me.

Any self respecting coder can whip up something homemade to take advantage of the issue.

Is "no exploits" yet supposed to make us feel safer?

If a security hole is there, it's vulnerable. Calling it "unexploited for now" is just misleading and confusing.
homogeneous networks by martin · 2003-07-17 00:35 · Score: 4, Insightful

Now let us step back a little.

IF this had happened to our friends at Redmond (what do you mean 'if' :-) then we'd all be crying about how homogeneous networks/OS's etc are bad for security.

Now it's happened to a vendor with probably more pieces of kit attached to the public internet than anyone else (by a long chalk IMHO).

Do we cry, bad Cisco bad, no we just look at all the poor network admins who will get no sleep for the next 2 days....

Perhaps NOW people wil start looking at alternatives to Cisco.

Don't get me wrong I love Cisco kit, but I think the risk of Cisco everywhere is just about to hit home...