Cisco details controversial router flaw

Iria · Jul 29, 2005, 08:54 PM

LAS VEGAS--Cisco Systems on Friday published an advisory on a flaw in its router software that experts have said could be exploited by attackers to seriously disrupt the Internet.

Older versions of the Internetwork Operating System, or IOS, are flawed in the way they process IPv6 packets, Cisco said in its advisory. A specially crafted data packet could let a miscreant gain control over the router, but an attack is possible only from a local network segment and only on systems configured for IPv6, Cisco said.

IOS is the software that runs on Cisco's routers, which make up the infrastructure of the Internet. IPv6 is the next-generation Internet protocol. The networking company fixed the vulnerability in new releases of IOS in April and is urging people to upgrade their router software.

The advisory comes two days after a researcher at the Black Hat security confab defied Cisco and his employer, Internet Security Systems, and demonstrated how he could gain control over a router by exploiting the flaw. Cisco and ISS had agreed to pull the presentation, but researcher Michael Lynn quit his job and gave the talk anyway.

There still is disagreement over the scope of the vulnerability. While Cisco in its advisory stated that an attack is possible only when the attacker has a direct connection to the router, Lynn and other researchers at Black Hat said it is possible to carry it out remotely.
__________
Read More / Source: News.com

nForcer · Jul 30, 2005, 03:32 AM

Uh yeah if you've got Telnet access...which would be like physical access.

Idiots, they're spending time arguing how vunerable it is instead of fixing the problem. Well, I guess they already have, its just a matter of telling the grandpa companies to update thier friggin IOS!

Jul 29, 2005, 08:54 PM	#1
Iria DriverHeaven Extreme Member Join Date: Apr 2004 Posts: 7,275 Rep Power: 74	Cisco details controversial router flaw LAS VEGAS--Cisco Systems on Friday published an advisory on a flaw in its router software that experts have said could be exploited by attackers to seriously disrupt the Internet. Older versions of the Internetwork Operating System, or IOS, are flawed in the way they process IPv6 packets, Cisco said in its advisory. A specially crafted data packet could let a miscreant gain control over the router, but an attack is possible only from a local network segment and only on systems configured for IPv6, Cisco said. IOS is the software that runs on Cisco's routers, which make up the infrastructure of the Internet. IPv6 is the next-generation Internet protocol. The networking company fixed the vulnerability in new releases of IOS in April and is urging people to upgrade their router software. The advisory comes two days after a researcher at the Black Hat security confab defied Cisco and his employer, Internet Security Systems, and demonstrated how he could gain control over a router by exploiting the flaw. Cisco and ISS had agreed to pull the presentation, but researcher Michael Lynn quit his job and gave the talk anyway. There still is disagreement over the scope of the vulnerability. While Cisco in its advisory stated that an attack is possible only when the attacker has a direct connection to the router, Lynn and other researchers at Black Hat said it is possible to carry it out remotely. __________ Read More / Source: News.com

Jul 30, 2005, 03:32 AM	#2
nForcer Twice the fun! Join Date: Jul 2002 Posts: 1,404 Rep Power: 0	Uh yeah if you've got Telnet access...which would be like physical access. Idiots, they're spending time arguing how vunerable it is instead of fixing the problem. Well, I guess they already have, its just a matter of telling the grandpa companies to update thier friggin IOS!