[ISN] Patch now to reduce denial-of-service threat

InfoSec News isn at c4i.org
Thu Apr 14 08:55:57 EDT 2005


http://www.computerweekly.com/articles/article.asp?liArticleID=137910

By Antony Savvas  
14 April 2005 

The UK's National Infrastructure Security Co-ordination Centre (NISCC) 
has advised users to update their internet communications 
infrastructure to plug a denial of service vulnerability in major 
suppliers' equipment.

Cisco, Juniper Networks and IBM have already admitted to the problem 
and have issued patches to prevent the threat, which can lead to 
organisations' networks crashing from a remote denial-of-service 
attack.

The threat involves network routers not being able to handle internet 
traffic supported by the internet control message protocol (ICMP) and 
the transmission connection protocol (TCP). 

Hackers could use the protocols to launch a remote attack and crash 
networks, said the NISCC. The NISCC has rated the threat "medium to 
high". 

Cisco equipment affected includes all router products running its 
Internetworking Operating System (IOS) and its PIX firewall products.

IBM's AIX operating system is also vulnerable, as are some versions of 
Juniper's JUNOS operating software running on its M-series and 
T-series routers.

Other companies' products are believed to be affected by the 
vulnerability.

The NISCC advisory is available from: 
http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en





More information about the ISN mailing list