Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Cisco Addresses Flaws in IOS

    By
    Brian Prince
    -
    January 25, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Cisco is providing patches for its popular Internetwork Operating System in response to the discovery of three flaws, the most serious of which would allow hackers to insert malicious code in order to corrupt devices running IOS.

      The company addressed the flaws in a series of advisories released Jan. 24.

      According to Cisco officials, the companys IOS TCP listener in some versions of the IOS software is vulnerable to a memory leak that could be exploited to cause a DoS (denial-of-service) attack.

      /zimages/3/28571.gifClick here to read about a previous IOS flaw, revealed at the Black Hat Briefings.

      Another vulnerability exists in the way Cisco IOS processes a number of different types of IPv4 packets containing a specially crafted IP option, and a third deals with IOS failure to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of these last two flaws could lead to a denial-of-service condition or the launching of arbitrary code.

      In each of the advisories, the company states that it is “not aware of any public announcements or malicious use of the vulnerability described in this advisory.” Cisco officials could not immediately be reached for further comment.

      Andrew Storm, director of security operations for San Francisco-based nCircle Network Security, said the flaws should be taken seriously—if for no other reason than because of how widely used IOS is.

      “It took me probably a good hour yesterday to find a version for my router that wasnt vulnerable,” he said. “Thats a daunting task when you extrapolate that to larger enterprises.”

      He said the workarounds proposed by Cisco, such as turning on “IP options drop,” should already be part of an enterprises standard operating procedures. If they arent, then most likely it is because following those steps may impair functionality in areas critical to the business, he said.

      /zimages/3/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      The advisories by Cisco led to a warning by the U.S. Computer Emergency Readiness Team that “repeated exploitation of these vulnerabilities may result in a sustained denial-of-service condition. … Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe.”

      /zimages/3/28571.gifCheck out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×