Exploit code lurks for Cisco flaw


Edward Hurley, SearchSecurity.com News Writer

Code that exploits a recently revealed flaw in Cisco's router operating system is publicly available, so now it's up to network administrators to patch their systems or face attack.

There have been isolated reports over the weekend of attackers trying to exploit the vulnerability, which is in Cisco's network operating system, IOS, when processing IP version 4 (IPv4) packets. More than 100 of Cisco's products are susceptible, including routers and switches.

ISPs are taking the flaw seriously and are patching their systems. "We have not seen the huge blackouts that would have occurred if they hadn't started to address the issue," said Dave Cole, director of products at Foundstone Inc., Mission Viejo, Calif. "The urgency to patch systems has certainly increased because the exploit is now available."

The Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh has issued an advisory because the exploit code was posted to some Internet mailing lists. Symantec and Internet Security Systems have both raised their threat levels for the vulnerability because of the code's release.

In general, the release of exploit code increases the danger of vulnerabilities as it allows people with limited technical savvy to take advantage of the flaws. Instead of having to write the precise packets needed to attack the flaw, a would-be attacker would only have to cut and paste the information from the Internet. In the case of the Cisco vulnerability, exploiting it would trigger a denial-of-service attack that could shut down Web sites and network access points.

Exploiting the vulnerability requires sending some specially crafted IPv4 packets to affected systems. The packets would trick the systems into thinking they are full. The routers and switches would then stop processing traffic, which would render Web servers and other network-dependent systems inaccessible.

The release of the exploit code wasn't surprising given the fact that advisories give would-be attackers the information they need to create the code, Cole said. "The real question is whether people would have enough time to perform upgrades to their systems."
