Fix for Cisco flaw will be tricky |
 |
By Edward Hurley, SearchSecurity.com News Writer
18 Jul 2003 | SearchSecurity.com |
|
|
For the second time in as many days, a major vulnerability has been found in commonly used software. But patching the new flaw in Cisco routers and switches will be a little trickier than fixing Windows boxes.
"Both vulnerabilities are critical," said Dan Ingevaldson, engineering director for Internet Security Systems Inc.'s X-Force security monitoring operation. "But the Windows [flaw] is more of a threat to home users and individuals, while the Cisco flaw affects the critical infrastructure and enterprise-class companies."
The Cisco flaw lies in the way company's network operating system, IOS, processes IP version 4 (IPv4) packets. IOS is so pervasive that Cisco said in a security advisory that more than 100 of its products are susceptible to the flaw. The vulnerability could be used as part of denial-of-service attacks to shut down Web sites and network access points.
By contrast, the Windows flaw lies in the way Remote Procedure Call (RPC) is implemented in that operating system. Windows users can patch their systems to best protect themselves, but they can also block the port used by RPC.
Workarounds for the Cisco flaw aren't so simple, Ingevaldson said. Users of vulnerable systems should patch their systems as soon as possible, he said, noting that doing so is not a trivial task. "I am concerned about the pain patching may cause some companies, as it could affect systems," he said.
X-Force, for example, saw some minor disruptions Thursday. The disruptions were most likely the result of ISPs taking systems down to patch, Ingevaldson said.
If patching systems without disrupting them wasn't hard enough, there is another potential pain associated with the Cisco flaw. Companies may find it difficult to figure out which of their routers and switches are vulnerable, said George Kurtz, CEO of Foundstone Inc., Mission Viejo, Calif. "It's a huge task trying to track down all of them," he said.
The danger associated with not tracking down all susceptible systems makes the work worthwhile. The flaw can be exploited by sending some specially crafted IPv4 packets to affected systems, which would trick them into thinking they are full. The routers and switches would then stop processing traffic. Such systems are the plumbing of the Internet. Taking them out would also hobble Web sites and network-dependent activities.
There is a little good news about the Cisco vulnerability. Unlike the Windows RPC flaw, the IOS vulnerability won't likely be used by worm writers. The nature of the flaw doesn't lend itself to auto-propagation, Ingevaldson said. "But that's not to say a really nasty person won't flood the Internet with the malicious packets," he said.
FOR MORE INFORMATION:
SearchSecurity.com news exclusive: "Windows flaw ripe for worm, expert says"
Best Web Links on network security
|
