[ISN] Code to exploit Cisco flaw may pose risk

From: InfoSec News (isnat_private)
Date: Sat Jul 19 2003 - 01:35:46 PDT


    http://news.com.com/2100-1002_3-1027326.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    July 18, 2003
    
    Security experts warned Friday that code which could be used to attack
    and crash Cisco Systems routers has been posted to public mailing
    lists.
    
    The code, posted to the Full-Disclosure security mailing list early
    Friday morning, could be used to disable the Cisco routing hardware
    that connects many networks to the Internet. Two security
    companies--Symantec and Internet Security Systems--upgraded their
    estimation of the level of threat posed to companies connected to the
    Internet.
    
    "The worry is that someone automates this (attack) and uses it for
    mass denial of service against people who haven't upgraded their
    routers," said Al Huger, senior director of engineering for Symantec's
    security response team. "I don't tend to be alarmist, but I think this
    one is a pretty legitimate concern."
    
    Symantec on Friday raised its measure of the threat to 3 from 2. The
    five-point scale has been raised to 3 only a handful of times in the
    last two years, Huger said. The Slammer worm, Code Red worm and
    Bugbear.B virus incidents each were rated 3.
    
    Symantec's intrusion detection systems have detected light attack
    activity as a result of the vulnerability. "We aren't (yet) seeing
    numbers that are really cause for concern," Huger said.
    
    Cisco updated an advisory to warn customers of the public release of
    the flaw but disputed reports that online vandals were exploiting it.  
    "We have no confirmation of any networks being impacted, and we have
    no reports of any successful network attacks," said Jim Brady, a
    spokesman for the company.
    
    Nonetheless, this particular flaw has security experts spooked because
    Cisco routers make up a large portion of the Internet infrastructure.  
    The routers account for more than 80 percent of the hardware in
    corporate networks and more than 90 percent of the hardware that makes
    up the Internet, said Rachna Ahlawat, senior analyst for market
    researcher Gartner.
    
    "Any hardware that is so widely deployed that is under attack can
    cause major network disruption," she said. Ahlawat believes that
    because Cisco found the problem through internal testing and managed
    to give Internet service providers advance notice of the issue, there
    is a good chance that the worst danger is past.
    
    However, security companies don't seem so sure. While ISPs have been
    rushing to fix Cisco routers, it's unknown how quickly corporations
    and online retailers have worked to fix their networks.
    
    Internet Security Systems raised its measure of the danger on the
    Internet to 3 as well. Both Internet Security Systems and Symantec had
    raised the level to 2 the day before, when the Cisco router
    vulnerability and a major flaw in Microsoft Windows became public.
    
    "It seems right now that people are testing the exploit code," said
    Dan Ingevaldson, engineering director for Internet Security Systems'
    vulnerability research team. "We haven't seen any kind of organized
    attack, any major attack, or any kind of outage."
    
    The Cisco flaw, as first reported by CNET News.com, could allow an
    attacker to stop traffic from flowing through vulnerable network
    hardware. After being advised of the flaw on Tuesday by Cisco, ISPs
    scrambled Wednesday and Thursday to plug the hole in their network
    hardware.
    
    Windows warning
    
    That flaw came just after another widespread vulnerability--this one
    in Windows. Microsoft released its advisory Wednesday, warning that
    every computer running any version of Microsoft Windows, except for
    Windows ME, had a security hole that could allow an attacker to take
    control of the computer.
    
    The Windows flaw is in a service that normally wouldn't be available
    over the Internet if the system's owner followed strong security
    guidelines. However, many companies and home users may inadvertently
    have systems that are connected directly to the Internet and aren't
    protected by a firewall, security researchers warned.
    
    While a program designed to attack Cisco systems has been published,
    Ingevaldson hasn't seen any such exploit for the Microsoft flaw.
    
    "We haven't seen any public exploits, but we were able to develop one
    internally," he said. "And we assume that if we can do it, so can
    anyone else."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


