Cisco fixes IOS flaws


Bill Brenner, Senior News Writer
Cisco Systems fixed three flaws in its widely used Internetwork Operating System (IOS) Wednesday. Attackers could exploit them to cause a denial of service or launch malicious code against targeted machines.

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of IOS software is vulnerable to a remotely exploitable memory leak that may lead to a denial-of-service condition, according to the "Crafted TCP Packet Can Cause Denial of Service" advisory issued by Cisco.

A second denial-of-service flaw affects Cisco routers and switches running IOS or Cisco IOS XR software. Attackers could exploit the flaw when a device processes an Internet Control Message Protocol (ICMP) packet, a Protocol Independent Multicast version 2 (PIMv2) packet, a Pragmatic General Multicast (PGM) packet, or a URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header.

"Exploitation of the vulnerability may potentially allow for arbitrary code execution," Cisco warned.

Attackers could also crash a device running IOS software by getting it to process a specially crafted IPv6 Type 0 routing header, according to the "IPv6 Routing Header Vulnerability" advisory issued by Cisco.

The Cisco bulletins prompted the Bethesda, Md.-based SANS Internet Storm Center (ISC) to post an advisory on its Web site.

"If you run Cisco switches or routers in your network, we advise you to review these bulletins in detail and take mitigative action where required," the ISC said.
