[ISN] New Cisco flaw could pose threat to Net

InfoSec News isn at c4i.org
Thu Sep 8 02:35:35 EDT 2005


By Joris Evers 
Staff Writer, CNET News.com
September 7, 2005

A serious flaw in Cisco Systems software puts computer networks at
risk of cyberattack and has prompted security vendor Symantec to raise
its Internet threat level.

A vulnerability in Cisco's Internetwork Operating System could be
exploited to crash or remotely run malicious code on devices that run
IOS, the San Jose, Calif., networking giant warned Wednesday in a
security advisory. IOS runs on Cisco's routers and switches, which
make up a large portion of the Internet's infrastructure.

"Successful exploitation of the vulnerability on Cisco IOS may result
in a reload of the device or execution of arbitrary code," Cisco said
in its advisory. "Repeated exploitation could result in a sustained
(denial of service) attack or execution of arbitrary code."

Cisco's warning prompted Symantec to raise its ThreatCon global threat
index to Level 2, which means an attack is expected. "Given the recent
attention to exploitation of vulnerabilities in Cisco's IOS it is
possible that this issue will see attempts at exploit development in
the near term," Symantec said in an advisory.

Symantec and Cisco both noted that there are no known exploits or
attacks that take advantage of this latest IOS vulnerability. Cisco
has software fixes available to correct the problem.

Cisco has had a hot summer when it comes to security. During the Black
Hat and Defcon security events in July, researcher Michael Lynn
demonstrated he could gain control of a Cisco router by exploiting a
known security flaw in IOS. The operating system had until then been
perceived as impervious to such attacks.
Previous Next Cisco and Internet Security Systems--Lynn's
employer--had agreed to pull the presentation, but researcher Lynn
quit his job and gave the talk anyway. Cisco and ISS sued Lynn after
his presentation and hackers rallied behind the researcher.

The vulnerability disclosed on Wednesday doesn't affect all versions
of IOS, Cisco said. Furthermore, the vulnerability exists only if the
Firewall Authentication Proxy for FTP and Telnet Sessions is in use,
Cisco said. That component of IOS handles authentication requests for
file transfer and telnet sessions.

Affected are those devices running IOS versions 12.2ZH and 12.2ZL,
12.3, 12.3T, 12.4 and 12.4T, Cisco said. Users can log on to their
Cisco device and enter the "show version" command to determine which
version of IOS it is running, Cisco said. The company rates the issue
as a "medium" urgency.

Symantec advises users who can't install the patch immediately to
disable the Firewall Authentication Proxy for FTP and Telnet Sessions
or limit access to the service to trusted hosts and networks.

More information about the ISN mailing list