Cisco Confirms Regex Flaw in IOS

gattaca writes "Cisco has announced a confirmation of an unpatched denial of service vulnerability in Cisco IOS. From the NetPro Forum post: 'I have just discovered a regular expression that crashes the router. I suspect the error is because of division by zero. Since I work for the Enterprise, I do not have direct access to TAC. Please somebody report this to Cisco. I have tested it on ranges of routers (2611, 2821, 2851, 7206) and IOSes (12.0-12.4). All routers crashed with some type of BUS ERROR. Command can be issued in user mode, therefore I think it can be considered as vulnerability to potentially cause DOS.'" Of course, the command has to be entered in user mode, so while potentially a vulnerability, chances are your local IOS-based router won't be DoSed via the bug any time soon.

A bigger IOS flaw discovered

[packetmon]

A bigger vulnerability has been discovered just now as well...

r8#sh ver | in IOS
IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(15)T2, RELEASE SOFTWARE (fc2)
r8#reload
Proceed with reload? [confirm]

Seems like anyone with admin access can reload your router.

IOS (tm) 4500 Software (C4500-A3JK9S-M), Version 12.2(40a), RELEASE SOFTWARE (fc1)
frSwitch#reload
Proceed with reload? [confirm]

Confirmed on multiple routers as well! OMFG. On another note, anyone with local access to the router can power down the router causing a massive denial of service. Our admins here at GoodyTwoShoesNetworking.com are placing epoxy across all power buttons and cables to prevent this