Cisco Systems has patched its Internetwork Operating System (IOS) against security holes an attacker could exploit to cause a denial of service or access network resources.
The San Jose, Calif.-based networking giant described the problems in two advisories. The first said IOS software versions 12.2T, 12.3 and 12.3T "may contain vulnerabilities in processing certain Internet Key Exchange (IKE) XAUTH messages when configured to be an Easy VPN Server. Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources."
Danish security firm Secunia said in its advisory that:
- An error in how Internet Key Exchange Extended Authentication (XAUTH) messages are handled can be exploited to complete authentication and gain access to network resources using specially crafted packets.
- An error in how Internet Security Association and Key Management Protocol (ISAKMP) profile attributes are handled could result in the attributes not being processed properly.
XAUTH is an extension to IKE that lets organizations use existing legacy authentication methods to manage remote access. ISAKMP is a standard that specifies the framework for key exchange and authentication.
Cisco's second advisory said certain versions of IOS may be susceptible to a denial-of-service attack "when configured to use the IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on IOS devices."
Secunia's advisory said there is also a memory leak attackers could exploit to exhaust memory resources when SSH users are authenticated against a TACACS+ server and login fails due to invalid credentials.
Cisco said these issues affect any Cisco device running an unfixed version of IOS that supports and is configured to use the SSH server functionality.
The SSH protocol is designed to provide a secure, encrypted connection to a Cisco IOS device. This connection provides functionality similar to a telnet connection, Cisco said. The difference is that all traffic between the server and the client, including authentication information, travels encrypted over the wire. TACACS provides a way to centrally validate users attempting to gain access to servers, workstations, routers, switches, access servers, and other network devices, the company said.
The Cisco advisories offer full details on what the patches do and where to install them.
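Both advisories apply only to devices configured in a particular way: as an Easy VPN Server using XAUTH, or with the SSH server authenticating logins against TACACS+. The following triage script is an added example, not code from Cisco, Secunia or the article; the sample configuration is constructed, and the matching patterns are this example's own heuristics for spotting those two configurations in a saved running-config, not Cisco's affected-device criteria.

```python
import re

# Constructed sample running-config for illustration (not from Cisco or the article).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login VPNUSERS local
tacacs-server host 192.0.2.10
crypto isakmp client configuration group REMOTE
 pool VPNPOOL
crypto map OUTSIDE client authentication list VPNUSERS
line vty 0 4
 transport input ssh
"""

# Heuristic indicators (assumptions of this example, not Cisco's criteria).
INDICATORS = {
    "easy_vpn_group": r"^crypto isakmp client configuration group \S+",
    "xauth_list": r"^\s*(crypto map \S+ )?client authentication list \S+",
    "ssh_access": r"^(ip ssh\b|\s+transport input\b.*\b(ssh|all)\b)",
    "tacacs_login": r"^aaa authentication login \S+ .*\bgroup tacacs\+",
}

def audit(config: str) -> dict:
    """Report which of the two advisory preconditions a config appears to meet."""
    lines = config.splitlines()
    hits = {name: [l.strip() for l in lines if re.search(rx, l)]
            for name, rx in INDICATORS.items()}
    return {
        "easy_vpn_xauth": bool(hits["easy_vpn_group"] and hits["xauth_list"]),
        "ssh_with_tacacs": bool(hits["ssh_access"] and hits["tacacs_login"]),
        "evidence": {k: v for k, v in hits.items() if v},
    }

if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for finding in ("easy_vpn_xauth", "ssh_with_tacacs"):
        print(f"{finding}: {'REVIEW' if result[finding] else 'not indicated'}")
    for name, matched in result["evidence"].items():
        print(f"  {name}: {matched}")
```

A device flagged for review still has to be checked against the fixed IOS releases listed in the Cisco advisories; the script does not evaluate software versions.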