Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco Confirms Regex Flaw in IOS

Posted by CowboyNeal on from the does-not-compute dept.

gattaca writes "Cisco has announced a confirmation of an unpatched denial of service vulnerability in Cisco IOS. From the NetPro Forum post: 'I have just discovered a regular expression that crashes the router. I suspect the error is because of division by zero. Since I work for the Enterprise, I do not have direct access to TAC. Please somebody report this to Cisco. I have tested it on ranges of routers (2611, 2821, 2851, 7206) and IOSes (12.0-12.4). All routers crashed with some type of BUS ERROR. Command can be issued in user mode, therefore I think it can be considered as vulnerability to potentially cause DOS.'" Of course, the command has to be entered in user mode, so while potentially a vulnerability, chances are your local IOS-based router won't be DoSed via the bug any time soon.

4 of 61 comments (clear)

  1. Re:does it could as denial of service by blantonl · · Score: 4, Funny

    It only if works you authenticated are router to the.

    --
    Lindsay Blanton
    RadioReference.com
  2. A bigger IOS flaw discovered by packetmon · · Score: 5, Funny
    A bigger vulnerability has been discovered just now as well...

    r8#sh ver | in IOS
    IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(15)T2, RELEASE SOFTWARE (fc2)
    r8#reload
    Proceed with reload? [confirm]
    Seems like anyone with admin access can reload your router.

    IOS (tm) 4500 Software (C4500-A3JK9S-M), Version 12.2(40a), RELEASE SOFTWARE (fc1)
    frSwitch#reload
    Proceed with reload? [confirm]
    Confirmed on multiple routers as well! OMFG. On another note, anyone with local access to the router can power down the router causing a massive denial of service. Our admins here at GoodyTwoShoesNetworking.com are placing epoxy across all power buttons and cables to prevent this
    --
    Infiltrated dot Net
  3. The Enterprise by AntEater · · Score: 4, Funny

    "Since I work for the Enterprise, I do not have direct access to TAC. "

    Yes, Capt. Kirk can be very protective of the TAC.

    --
    Alex, I'll take keybindings not used by Emacs for $400....
  4. Old news (to everyone but Cisco) by OriginalArlen · · Score: 4, Insightful
    This was widely publicized (amongst the loose communities of Cisco users, anyway) back around the time the original post was made. Hey, that would have been... 18th August! :)

    To be fair, there IS a story here, which is that Cisco only just acknowledged this officially.

    Service Provider types (the operators of routers whose successful attack would actually affect anyone in the real world) have been well aware of this. But as others have pointed out, if you don't trust your admins, and you're not running proper logging and a proper audit trail of admin sessions already, you've got bigger problems than this.

    --

    Everything I needed to know about life, I learnt from Blake's Seven