Slashdot Mirror
Cisco Flaw Opens Routers to Attack
Jack writes "Cisco is suffering from a serious flaw in its router operating system, which might allow execution of remote code: 'Cisco has warned of a new flaw in its IOS router operating system which might be used by attackers to launch denial of service attacks or take over IOS-based devices. The flaw causes to buffer overflow due to incorrect handling of user authentication credentials.'"
Here's a link to the cisco advisory
I noticed the linked article didn't have that link, and its viewable by the Internet public. Let's see how Cisco holds up to the mighty
"We are all geniuses when we dream"
- E.M. Cioran
It's been pretty standard to ACL off authentication methods from unknown or untrusted networks for some time.
If you can only auth from a known network, then an overrun in that auth process still requires access to a restricted location, which will stop 99% of attacks (which are usually automated these days).
Mooniacs for iOS and Android
Dupe! Oh.... Nevermind, it seems like just yesterday a serious flaw was found in CISCO. I hope this doesn't become common place for CISCO
$fortune
Tomorrow has been canceled due to lack of interest.
No, this is the only existing issue on Cisco brand routers.
The defcon attack isn't scheduled to exist until the patch is published in February.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
...some fallout from http://it.slashdot.org/article.pl?sid=05/07/29/185 0234&tid=99&tid=172&tid=123&tid=218
Please stop APK.. you're only hurting yourself.
Affected versions include IOS 12.2ZH, IOS 12.2ZL, IOS 12.3, IOS 12.3T, IOS 12.4 and IOS 12.4T. IOS versions that are not vulnerable are IOS XR and IOS versions 12.2 and earlier, including 12.0S. This shouldn't be a problem for those Network Administrators that created access control lists for modifications for the router, however Cisco has issued a patch.
If you are someone you know are running any of the following versions of code, please think of the baby seals and upgrade. That is all.
Devices that are running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface.
12.2ZH and 12.2ZL based trains 12.3 based trains 12.3T based trains 12.4 based trains 12.4T based trains
quiet everbody....
if nobody knows, then nothing's wrong....
There are no flaws in Cisco's IOS. If there was, no one would be allowed to talk about it, and anyone who did would be threatened and forced to recant. Thusly, there are no Cisco vulnerabilities. The Cisco Inquisition will take care of those who actually dare to question the sanctity of the Church of Cisco, and its most holy IOS. This whole topic is clearly in violation of that most sacred tenet, and thus the Cisco Inquisition has determined that Slashdot advocates heresy. It will be duly noted and CmdrTaco will be forced to recant the very existence of this topic.
The world's burning. Moped Jesus spotted on I50. Details at 11.
A Crisco flaw has left the routers open to deep pan frying.
article text
Summary
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS® are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This means that only equipment that is configured to act as an authenticatoin proxy for FTP and/or telent are affected.
I work with cisco equpment every day and this is not a normal service to have configured. This exploit probably isn't as big of a deal as its being made out to be. Just my 2 cents...
- Think for yourself, question authority.-
Lynn's presentation wasn't about any specific vulnerability (I think he did mention one vulnerability, which was patched some time before the presentation). It was generally thought that most Cisco vulnerabilities could only hang or reboot IOS. Lynn showed that you could inject code. Which makes vulnerabilities like this one a lot more dangerous, as an attacker can Own the router instead of just crashing it.
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
Yes but then the dupe will be posted, so this will start all over again.
Read the advisory.
The affected subsystem is not the firewall, but the authentication proxies for ftp and telnet. It is doubtful that those features are being used all that much.
The advisory also list a set of ACL that should suffice in most cases until a patch is issued.
If this was a problem in the firewall or ACL subsystem, it would be a bigger issue because many companies use them to place a reduced ruleset for all traffic that should be blocked in all directions like netbios, snmp, etc.
No. Mike's "first cut" was against the link-local IPv6 parser (a fact not disclosed publically by Mike, but by Cisco). Once in, he actually figured out how to execute arbitrary code -- something way harder than even Mike's slides describe.
He could get into pretty much any Cisco router w/ his attack, whereas this proxy attack isn't going to affect anything on the global net.