Information Security News mailing list archives

Security checks crash Cisco routers


From: InfoSec News <isn () C4I ORG>
Date: Mon, 26 Jun 2000 12:23:33 -0500

http://www.vnunet.com/News/1104718

John Leyden, Monday 26 June 2000

Red-faced networking giant Cisco has been forced to warn customers
that its routers can crash when tested for security vulnerabilities by
security scanning software programs.

The defect, due to a fault in Cisco's IOS (Internet Operating System)
software, can be exploited repeatedly to produce a consistent denial
of service (DoS) attack, Cisco has admitted. The defect first came to
light two months ago but is still an issue in the field, so Cisco has
issued a reminder to customers.

Cisco customers using the affected IOS software releases - which
include 11.3AA, and a number of 12.0 releases up to and including
12.0(6) - are urged to upgrade as soon as possible to later versions,
which are not vulnerable to the defect.

Richard Stagg, senior security architect at Information Risk
Management, said Cisco is blaming security tools when the problem is
far wider.

"Cisco is obfuscating the fact that its routers have a weakness to
denial of service attacks," said Stagg. "The idea that these denial of
service attacks can be triggered by security scans is even more
embarrassing."

The DoS aspect of the flaw was discovered by several different Cisco
customers while they were conducting security scans of their networks.
However, Cisco said it has still received no reports of malicious
exploitation of the flaw.

Cisco's advisory states: "The described defect can be used to mount a
consistent and repeatable denial of service attack on any vulnerable
Cisco product, which may result in violations of the availability
aspects of a customer's security policy. This defect by itself does
not cause the disclosure of confidential information nor allow
unauthorised access."

The flaw in IOS is exposed when unspecified security scanners test for
the presence of two specific vulnerabilities that affect certain
Unix-based systems. These vulnerabilities are unrelated to Cisco IOS
software. However, a side effect of the tests means that a router can
crash without warning.

During the test, the scanning program invokes the Telnet Environ
option, #36, before the router is ready to accept it. This causes the
router to reset itself unexpectedly.
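The article identifies the trigger as a Telnet ENVIRON (option 36, RFC 1408) negotiation arriving before the router's Telnet server is ready for it. For anyone reviewing captures to tell scanner-induced resets from other outages, the following is an added example (not code from the article, Cisco, or the scanner vendors) that parses Telnet IAC negotiation sequences from the client side of a session and flags any ENVIRON negotiation. The byte string `CLIENT_CAPTURE` is constructed for the demonstration; the function names are my own.

```python
"""Parse Telnet option negotiation and flag ENVIRON (option 36) requests.

Added example for reading captured Telnet traffic; it is not code from the
article or from Cisco. Option 36 is ENVIRON as defined in RFC 1408, the
option the article names as the trigger.
"""

# Telnet command bytes (RFC 854)
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
ENVIRON_OPTION = 36  # RFC 1408 ENVIRON

COMMAND_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}


def parse_telnet_negotiation(stream: bytes):
    """Return a list of (command, option) tuples for every negotiation in
    `stream`. Plain data and subnegotiation payloads are skipped. A
    truncated trailing sequence is ignored rather than raising, so the
    parser is safe to run over partial captures."""
    events = []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            i += 1                      # ordinary data byte
            continue
        if i + 1 >= n:
            break                       # lone IAC at end of capture
        cmd = stream[i + 1]
        if cmd == IAC:
            i += 2                      # escaped 0xFF data byte
        elif cmd in COMMAND_NAMES:
            if i + 2 >= n:
                break                   # option byte missing
            events.append((COMMAND_NAMES[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:
            if i + 2 >= n:
                break
            events.append(("SB", stream[i + 2]))
            # Skip the payload up to IAC SE, honouring escaped IAC IAC inside it.
            j = i + 3
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if (stream[j] == IAC and stream[j + 1] == IAC) else 1
            i = j + 2
        else:
            i += 2                      # other two-byte commands (NOP, AYT, ...)
    return events


def environ_negotiations(stream: bytes):
    """Return only the negotiations that concern ENVIRON (option 36)."""
    return [ev for ev in parse_telnet_negotiation(stream) if ev[1] == ENVIRON_OPTION]


# Constructed sample of the client side of a session: a normal TERMINAL-TYPE
# offer, then an immediate ENVIRON offer and ENVIRON subnegotiation, then
# what would be the login text. This is illustrative data, not a real capture.
CLIENT_CAPTURE = (
    bytes([IAC, WILL, 24])                              # WILL TERMINAL-TYPE
    + bytes([IAC, WILL, ENVIRON_OPTION])                # WILL ENVIRON
    + bytes([IAC, SB, ENVIRON_OPTION, 0]) + b"USER"     # SB ENVIRON IS USER ...
    + bytes([IAC, SE])
    + b"admin\r\n"
)

if __name__ == "__main__":
    for cmd, opt in parse_telnet_negotiation(CLIENT_CAPTURE):
        marker = "  <-- ENVIRON" if opt == ENVIRON_OPTION else ""
        print(f"{cmd} {opt}{marker}")
```

Run over the client side of each Telnet session in a capture, a non-empty result from `environ_negotiations` at the very start of the session is the pattern the article describes; on the affected IOS releases that is the moment to expect a reset, and on fixed releases it should be harmless.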

In lieu of a software upgrade, Cisco has also detailed workarounds.
These involve setting up an interactive log-in capability without
using the Telnet service, thus mitigating the threat.

This vulnerability affects a wide range of Cisco's hardware line
including series access servers, routers, access products and voice
gateway products running vulnerable software.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".