LAS VEGAS--Cisco Systems on Friday published an advisory on a flaw in its router software that experts have said could be exploited by attackers to seriously disrupt the Internet.
Older versions of the Internetwork Operating System, or IOS, are flawed in the way they process IPv6 packets, Cisco
said in its advisory. A specially crafted data packet could let a miscreant gain control over the router, but an attack is possible only from a local network segment and only on systems configured for IPv6, Cisco said.
IOS is the software that runs on Cisco's routers, which make up the infrastructure of the Internet.
IPv6 is the next-generation Internet protocol. The networking company fixed the vulnerability in new releases of IOS in April and is urging people to upgrade their router software.
The advisory comes two days after a researcher at the Black Hat security confab defied Cisco and his employer, Internet Security Systems, and demonstrated how he could gain control over a router by exploiting the flaw. Cisco and ISS had agreed to pull the presentation, but researcher Michael Lynn quit his job and gave the talk anyway.
There still is disagreement over the scope of the vulnerability. While Cisco in its advisory stated that an attack is possible only when the attacker has a direct connection to the router, Lynn and other researchers at Black Hat said it is possible to carry it out remotely.
__________
Read More / Source:
News.com
