Cisco patches multiple IOS flaws

By Bill Brenner, News Writer 07 Apr 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Cisco Systems has patched its Internetwork Operating System (IOS) against security holes an attacker could exploit to cause a denial of service or access network resources.

The San Jose, Calif.-based networking giant described the problems in two advisories. The first said IOS software versions 12.2T, 12.3 and 12.3T "may contain vulnerabilities in processing certain Internet Key Exchange (IKE) XAUTH messages when configured to be an Easy VPN Server. Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources."

Danish security firm Secunia said in its advisory that:

• An error in how Internet Key Exchange Extended Authentication (XAUTH) messages are handled can be exploited to complete authentication and gain access to network resources using specially crafted packets.
• An error in how Internet Security Association and Key Management Protocol (ISAKMP) profile attributes are handled could result in the attributes not being processed properly.

XAUTH is an extension to IKE that lets organizations use existing legacy authentication methods to manage remote access. ISAKMP is a standard that specifies the framework for key exchange and authentication.

Cisco's second advisory said certain versions of IOS may be susceptible to a denial-of-service attack "when configured to use the IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on IOS devices."

More on Cisco and security Read about Cisco's grand plan for incorporating security into its product line. The case for self-defending networks

Secunia's advisory said there is also a memory leak attackers could exploit to exhaust memory resources when SSH users are authenticated against a TACACS+ server and login fails due to invalid credentials.

Cisco said these issues affect any Cisco device running an unfixed version of IOS that supports and is configured to use the SSH server functionality.

The SSH protocol is designed to provide a secure, encrypted connection to a Cisco IOS device. This connection provides functionality similar to a telnet connection, Cisco said. The difference is that all traffic between the server and the client, including authentication information, travels encrypted through the wires. TACACS provides a way to centrally validate users attempting to gain access to servers, workstations, routers, switches, access servers, and other network devices, the company said.

The Cisco advisories offer full details on what the patches do and where to install them.

Tags: Client security,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Client security How to keep networks secure when deploying an 802.11n upgrade InZero Systems launches hardware-based security gateway DLP technology challenges security costs Endpoint protection best practices manual: Combating issues, problems Kaspersky update for SMBs in wake of free Microsoft Security Essentials Microsoft makes free antivirus software widely available Security best practices in hotels Best Antimalware Products Perimeter defense in the era of the perimeterless network Microsoft Security Essentials (MSE) shows no vision, expert says Security Patch Management Microsoft gives Internet Explorer a major security overhaul Information security book excerpts and reviews What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary brute force cracking  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) Crash Course: Spyware  (SearchSecurity.com) email spoofing  (SearchSecurity.com) phishing  (SearchSecurity.com) rootkit  (SearchMidmarketSecurity.com) social engineering  (SearchSecurity.com) Wired Equivalent Privacy  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary