Slashdot Mirror
Cisco Flaw Opens Routers to Attack
Jack writes "Cisco is suffering from a serious flaw in its router operating system, which might allow execution of remote code: 'Cisco has warned of a new flaw in its IOS router operating system which might be used by attackers to launch denial of service attacks or take over IOS-based devices. The flaw causes to buffer overflow due to incorrect handling of user authentication credentials.'"
Here's a link to the cisco advisory
I noticed the linked article didn't have that link, and its viewable by the Internet public. Let's see how Cisco holds up to the mighty
"We are all geniuses when we dream"
- E.M. Cioran
...some fallout from http://it.slashdot.org/article.pl?sid=05/07/29/185 0234&tid=99&tid=172&tid=123&tid=218
Please stop APK.. you're only hurting yourself.
This opens the whole somewhat (ie: it's open to an untrusted userbase by its nature), but the original point still stands as good general practices.
Mooniacs for iOS and Android
Affected versions include IOS 12.2ZH, IOS 12.2ZL, IOS 12.3, IOS 12.3T, IOS 12.4 and IOS 12.4T. IOS versions that are not vulnerable are IOS XR and IOS versions 12.2 and earlier, including 12.0S. This shouldn't be a problem for those Network Administrators that created access control lists for modifications for the router, however Cisco has issued a patch.
If you are someone you know are running any of the following versions of code, please think of the baby seals and upgrade. That is all.
Devices that are running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface.
12.2ZH and 12.2ZL based trains 12.3 based trains 12.3T based trains 12.4 based trains 12.4T based trains
I think that was the IPv6 routing bug, which allowed programs to be remotely run, which Cisco admitted to shortly after.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
article text
Summary
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS® are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This means that only equipment that is configured to act as an authenticatoin proxy for FTP and/or telent are affected.
I work with cisco equpment every day and this is not a normal service to have configured. This exploit probably isn't as big of a deal as its being made out to be. Just my 2 cents...
- Think for yourself, question authority.-
Lynn's presentation wasn't about any specific vulnerability (I think he did mention one vulnerability, which was patched some time before the presentation). It was generally thought that most Cisco vulnerabilities could only hang or reboot IOS. Lynn showed that you could inject code. Which makes vulnerabilities like this one a lot more dangerous, as an attacker can Own the router instead of just crashing it.
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
No. Mike's "first cut" was against the link-local IPv6 parser (a fact not disclosed publically by Mike, but by Cisco). Once in, he actually figured out how to execute arbitrary code -- something way harder than even Mike's slides describe.
He could get into pretty much any Cisco router w/ his attack, whereas this proxy attack isn't going to affect anything on the global net.
You obviously failed Networking 101. A hub or switch is nothing like a hardware based firewall. You don't have a clue.