Cisco network products are hit by buffer overflow in wake of Nimda


Cisco network products are hit by buffer overflow in wake of Nimda

Will Garside
Reports from concerned users claim that some Cisco Catalyst routers, Cisco Call Manager 3 and Pix firewalls have repeatedly crashed or had to be shut down after operators were unable to control data traffic or change settings.

One network manager on the Cisco User Forum said, "We have got a really nasty situation that cropped up after Nimda did its damage to a Web server. The attack drove the router to 100% utilisation, and now the unit won't block TCP 80."

Similar reports are coming from other newsgroups and Cisco has set up an advisory on its Web site.

In security advisories issued after the Code Red attack in July, Cisco recommended turning off port 80, normally used as a last resort for controlling large flows of Internet data. Scott Blake of security consultancy Bindview said, "We have heard a few reports of Cisco products being affected and it sounds like a classic buffer overrun attack due to the huge volumes of traffic generated by the Nimda virus."

Bindview said IOS, the built-in operating system of the affected Cisco products, could be being corrupted, causing anomalous behaviour. "It is unlikely that the virus writers intended this. It is more likely to be a by-product of the virus. Cisco generally makes good kit but, when it is attacked in this way, there is not a lot they can do," said Blake. "All the affected customer can do is to reload IOS and send Cisco a letter complaining about the problem and telling them to do better in the future."

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy