Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploit Available for Cisco IOS Vulnerability

Posted by michael on from the there-goes-the-internet dept.

GNUman writes "Cisco's IOS vulnerability, posted by Slashdot and CERT, has now a published exploit available, as reported recently by CERT. While there are some some articles claiming that the Internet survived a major flaw, maybe with a publicly available exploit could script kiddies start creating havock?. jerw134 wanted to start a pool to find out when the exploit would be publicly available, here's the answer."

5 of 277 comments (clear)

  1. Contact your network company by nacturation · · Score: 4, Insightful

    If you haven't yet received notification from your NOC that they're going to be doing maintenance, you really need to impress upon them to get this fixed. In a nutshell, this flaw could allow a malicious hacker to shut down traffic to your servers.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    1. Re:Contact your network company by Florian+Weimer · · Score: 4, Insightful

      If you haven't yet received notification from your NOC that they're going to be doing maintenance, you really need to impress upon them to get this fixed. In a nutshell, this flaw could allow a malicious hacker to shut down traffic to your servers.

      First of all, your network might be running on non-Cisco gear (yes, there are other vendors).

      Second, the fact that so many NOCs have to apply emergency patches is scaring. I can understand that NOCs hesitate to install the latest release just after it has been published (some of the releases which include the fix have been available for months), but this particular bug only affects you if your router is insufficiently protected by ACLs against all kinds of malicious traffic. You really want to install such ACLs to mitigate the effect of typical DoS attacks targeted at the router itself, and if you've done your homework, bugs like the present one do not require emergency maintainance.

  2. Tell me why by broothal · · Score: 5, Insightful

    Ok, maybe it's just me, but why is it that I have to provide Ciso with serial number, date of purchase and the name of my cat to get this fix? I mean - the fix is software, and it will only work on Ciso units. So - for crying out loud - put the patch on an FTP site and get over with it. Jumping through hoops to get the patch isn't going to speed things up.

  3. Importance of shaming they who published the explo by lanner · · Score: 5, Insightful

    Importance of shaming those who published this exploit

    There was very little time to act upon the new IOS version that Cisco provided to the public. The software upgrades were available to the public on Thursday morning at 00:00. CERT made their announcement about 15 minutes later. Today, the exploit is public. That is less than 48 hours to upgrade the hundreds of thousands (if not million+) Cisco routers across the world.

    This is the most important security event effecting the Internet since the root DNS server attacks some time back, and this one is potentially much more severe. I have been surprised at the lack of media attention of this issue, or how some of my technical colleges have treated it. They don't seem to understand how many Cisco routers are out there.

    It needs to be shown that by making the exploit of this vulnerability public so soon, the persons who did this only did so for publicity gain at the expense of others.

    They hurt others to profit themselves, and that is no more cool than slavery is. And what did they get out of it? "My dick is bigger than yours."

    I just don't want this to pass over and the people who made this exploit public think that what they did was cool, or that they are going to get a lot of admiration or karma for it. If they like the Internet, which they probably do, they just did the most harmful thing to it as they could have possibly done.

  4. Just Fix It by vinn · · Score: 5, Insightful


    Cisco released the fix two days ago to backbone providers. Other large customers could get the fix early yesterday. If you're affected by this vulnerability and it's not fixed yet:

    • You're not subscribed to the proper news channels (i.e. you're not doing your job) or
    • You're lazy (i.e. you're not doing your job) or
    • You're not as important as you thought (i.e. someone else isn't doing their job.)

    It seems like Cisco handled this one correctly with the providers. I'm not sure how well large customers were handled, my guess is the .edu folks probably got screwed again.

    --
    ----- obSig