The UK’s National Infrastructure Security Co-ordination
Centre (NISCC) has advised users to update their internet
communications infrastructure to plug a denial of service
vulnerability in major suppliers’ equipment.
Cisco, Juniper Networks and IBM have already admitted to the
problem and have issued patches to prevent the threat, which can
lead to organisations’ networks crashing from a remote
denial-of-service attack.
The threat involves network routers not being able to handle
internet traffic carried by the Internet Control Message Protocol
(ICMP) and the Transmission Control Protocol (TCP).
Hackers could use the protocols to launch a remote attack and
crash networks, said the NISCC. The NISCC has rated the threat
“medium to high”.
Cisco equipment affected includes all router products running
its Internetwork Operating System (IOS) and its PIX firewall
products.
IBM’s AIX operating system is also vulnerable, as are some
versions of Juniper’s JUNOS operating software running on its
M-series and T-series routers.
Other companies’ products are believed to be affected by the
vulnerability.
The NISCC advisory is available from:
http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en