Information Security News mailing list archives

Cisco Flaw: Fears Ease


From: InfoSec News <isn () c4i org>
Date: Wed, 23 Jul 2003 02:09:17 -0500 (CDT)

http://www.eweek.com/article2/0,3959,1200972,00.asp

By Dennis Fisher
July 22, 2003 

Despite fears that a flaw in the software that controls most of the
routers and switches in the Internet would lead to widespread attacks
and outages, security monitoring companies say they have seen little
indication of that happening.

The vulnerability, which affects nearly all of the routers and devices
running Cisco Systems Inc.'s Internetwork Operating System software,
was disclosed late last week, and a working exploit for the flaw hit
the Internet Friday. Security experts and network operators worried
that the ubiquity of Cisco's devices on the Internet and the easy
availability of exploit code would lead to mass attacks on vulnerable
routers.

But none of that has come to pass yet.

"It's been generally pretty quiet. The ISPs had pulled together and
gotten their patches and access control lists done," said Charles
Kaplan, senior director of research and MSS and information security
officer at Guardent Inc., a managed security services provider based
in Waltham, Mass. "We've been getting a lot of calls from clients
asking for advice, but no one has been screaming. It really looks like
the ISPs did their jobs."

The vulnerability arises from IOS' failure to correctly handle a
specific series of IPv4 packets sent to the device. When the sequence
of packets hits the device, the IOS mistakenly flags the input queue
on the network interface as being full. After a period of time, the
device will stop processing traffic.

The device can be forced to stop routing any traffic on any interface
and will require a complete restart to resume normal operation.

The big ISPs and network operators were among the first to know of the
vulnerability. Cisco, based in San Jose, Calif., quietly informed the
major Internet players on Wednesday, urging them to perform emergency
upgrades on their devices. Within the next 24 hours, Cisco issued an
advisory warning the public of the vulnerability and numerous security
vendors and research organizations followed suit.

Since then, network operators and IT staffs have been holding their
collective breath, waiting to see whether crackers would start
hammering on the new flaw. So far, the mad scramble to install patches
seems to have worked.

"It was a little scary on Wednesday when we were hearing rumors about
the vulnerability but Cisco hadn't disclosed it yet," Kaplan said.  
"But Cisco really stepped up and took care of it."


