News

Cisco fixes IOS flaws

Bill Brenner, Senior News Writer
Cisco Systems fixed three flaws in its widely used Internetwork Operating System (IOS) Wednesday. Attackers could exploit them to cause a denial of service or launch malicious code against targeted machines.

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial-of-service condition, according to the Crafted TCP Packet Can Cause Denial of Service advisory issued by Cisco.

A second denial-of-service flaw affects Cisco routers and switches running IOS or Cisco IOS XR software. Attackers could exploit the flaw after processing an Internet control message protocol (ICMP) packet, protocol independent multicast version 2 (PIMv2) packet; pragmatic general multicast (PGM) packet; or a URL rendezvous directory (URD) packet containing a specific crafted IP option in the packet's IP header.

"Exploitation of the vulnerability may potentially allow for arbitrary code execution," Cisco warned.

Attackers could also crash a device running IOS software by processing a specially crafted IPv6 Type 0 routing header, according to the IPv6 Routing Header Vulnerability advisory issued by Cisco.

The Cisco bulletins prompted the Bethesda, Md.-based SANS Internet Storm Center (ISC) to post an advisory on its Web site.

"If you run Cisco switches or routers in your network, we advise you to review these bulletins in detail and take mitigative action where required," the ISC said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy