[ISN] Cisco Flaw: Fears Ease

From: InfoSec News (isnat_private)
Date: Wed Jul 23 2003 - 00:09:17 PDT

    http://www.eweek.com/article2/0,3959,1200972,00.asp
    
    By Dennis Fisher
    July 22, 2003 
    
    Despite fears that a flaw in the software that controls most of the
    routers and switches in the Internet would lead to widespread attacks
    and outages, security monitoring companies say they have seen little
    indication of that happening.
    
    The vulnerability, which affects nearly all of the routers and devices
    running Cisco Systems Inc.'s Internetwork Operating System software,
    was disclosed late last week, and a working exploit for the flaw hit
    the Internet Friday. Security experts and network operators worried
    that the ubiquity of Cisco's devices on the Internet and the easy
    availability of exploit code would lead to mass attacks on vulnerable
    routers.
    
    But none of that has come to pass yet.
    
    "It's been generally pretty quiet. The ISPs had pulled together and
    gotten their patches and access control lists done," said Charles
    Kaplan, senior director of research and MSS and information security
    officer at Guardent Inc., a managed security services provider based
    in Waltham, Mass. "We've been getting a lot of calls from clients
    asking for advice, but no one has been screaming. It really looks like
    the ISPs did their jobs."
    
    The vulnerability arises from IOS' failure to correctly handle a
    specific series of IPv4 packets sent to the device. When the sequence
    of packets hits the device, the IOS mistakenly flags the input queue
    on the network interface as being full. After a period of time, the
    device will stop processing traffic.
    
    The device can be forced to stop routing any traffic on any interface
    and will require a complete restart to resume normal operation.
    
    The big ISPs and network operators were among the first to know of the
    vulnerability. Cisco, based in San Jose, Calif., quietly informed the
    major Internet players on Wednesday, urging them to perform emergency
    upgrades on their devices. Within the next 24 hours, Cisco issued an
    advisory warning the public of the vulnerability and numerous security
    vendors and research organizations followed suit.
    
    Since then, network operators and IT staffs have been holding their
    collective breath, waiting to see whether crackers would start
    hammering on the new flaw. So far, the mad scramble to install patches
    seems to have worked.
    
    "It was a little scary on Wednesday when we were hearing rumors about
    the vulnerability but Cisco hadn't disclosed it yet," Kaplan said.  
    "But Cisco really stepped up and took care of it."
    
    
    
    


