CertCities.com -- The Ultimate Site for Certified IT Professionals
Cisco Is Bleeding


2/20/2007 -- Another week, another new vulnerability. Make that a round dozen of them.

Cisco Systems Inc. last week confirmed the existence of at least 12 new vulnerabilities across a range of different products and technologies -- including two that affect its IOS stack. In addition, Cisco warned of multiple vulnerabilities in its PIX, ASA and FWSM products.

The IOS flaws (which are native to IOS versions 12.3.x and 12.4.x) actually affect IOS' intrusion prevention system (IPS) capabilities, Cisco officials said.

For the record, Cisco acknowledged both a Fragmented Packet Evasion vulnerability and an ATOMIC.TCP Regular Expression DoS vulnerability.

An attacker can remotely exploit the former flaw without first authenticating or otherwise interacting with IOS, Cisco confirmed; the attack vector involves fragmenting malicious network traffic in such a way as to evade detection by IPS signatures that depend on regular expressions to identify attacks. The second flaw, too, can be remotely exploited without user interaction. Its attack vector is IP traffic that triggers signature 3123.0 -- i.e., NetBus Pro Traffic -- which (in some cases) can cause the IOS IPS device itself to fail. The most effective workaround, Cisco officials said, is to disable signature 3123.0 in the IOS IPS configuration.
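Why a regular-expression signature has to be applied to reassembled traffic rather than to individual fragments, shown as an added example that is not from Cisco or the original article and does not model IOS IPS internals. The signature pattern, addresses, and fragment field names are constructed for illustration, and offsets are plain byte offsets.

```python
import re
from collections import defaultdict

# Constructed stand-in for a regex-based signature (not a real Cisco signature).
SIGNATURE = re.compile(rb"X-Test-Marker: [0-9]{4}")

def match_per_fragment(fragments):
    """Weak check: apply the signature to each fragment payload in isolation."""
    return any(SIGNATURE.search(f["data"]) for f in fragments)

def reassemble(fragments):
    """Group fragments by (src, dst, id) and rebuild each datagram in offset order.
    Offsets are byte offsets here (real IPv4 uses 8-byte units). Datagrams with
    a hole, an overlap, or no final fragment are returned as suspect, not guessed.
    """
    groups = defaultdict(list)
    for f in fragments:
        groups[(f["src"], f["dst"], f["id"])].append(f)
    complete, suspect = {}, []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        buf, contiguous = b"", True
        for f in frags:
            if f["offset"] != len(buf):  # hole or overlap: ambiguous content
                contiguous = False
                break
            buf += f["data"]
        if contiguous and not frags[-1]["more"]:
            complete[key] = buf
        else:
            suspect.append(key)
    return complete, suspect

def match_reassembled(fragments):
    """Apply the signature to whole datagrams; also report ambiguous fragment sets."""
    complete, suspect = reassemble(fragments)
    hits = [k for k, data in complete.items() if SIGNATURE.search(data)]
    return hits, suspect

def constructed_fragments():
    """Constructed sample: a split, out-of-order marker plus an overlapping pair."""
    payload = b"GET / HTTP/1.0\r\nX-Test-Marker: 1234\r\n\r\n"
    pieces = [payload[i:i + 8] for i in range(0, len(payload), 8)]
    frags = [{"src": "192.0.2.10", "dst": "198.51.100.5", "id": 7, "offset": i * 8,
              "data": p, "more": i < len(pieces) - 1} for i, p in enumerate(pieces)]
    frags.reverse()  # fragments may arrive in any order
    odd = {"src": "192.0.2.11", "dst": "198.51.100.5", "id": 9}
    frags += [dict(odd, offset=0, data=b"AAAAAAAA", more=True),
              dict(odd, offset=4, data=b"BBBBBBBB", more=False)]
    return frags
```

On the constructed sample the per-fragment check finds nothing, while the reassembled check matches the first datagram and flags the overlapping one for separate handling.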

Elsewhere, Cisco identified new vulnerabilities in its PIX, ASA and FWSM products, most of which result in DoS -- and at least one of which can result in remote code execution. For the record, Cisco officials acknowledged the existence of 10 new vulnerabilities in its PIX, ASA and FWSM offerings, including:

  • A Malformed HTTP Request vulnerability (designated Cisco Bug ID CSCsd75794) that results in DoS. This flaw affects all PIX, ASA and FWSM products. The likely attack vector is TCP port 80 in traffic which transits a device.
  • A Malformed Session Initiation Protocol (SIP) messages vulnerability (designated Cisco Bug IDs CSCsg80915, CSCse27708, CSCsd97077) that results in DoS. All PIX, ASA and FWSM products are affected. The likely attack vector -- which involves spoofed packets -- is UDP port 5060.
  • A Malformed Auth-Proxy Requests using HTTPS vulnerability (designated Cisco Bug ID CSCsg50228) that results in DoS. Cisco's FWSM product is affected. The likely attack vector is SSL TCP port 443.
  • A Long Auth-Proxy Request Vulnerability (designated Cisco Bug ID CSCsd91268) that could result in DoS or remote code execution. Cisco's FWSM product is affected. Likely attack vectors are TCP ports 80 and 443. This vulnerability is configuration related and Cisco declined to provide additional information.
  • A Device-Directed Packet Processing DoS vulnerability (designated Cisco Bug ID CSCse85707). Cisco's FWSM product is affected.
  • A Device-Directed HTTPS Processing DoS vulnerability (designated Cisco Bug ID CSCsf29974). Cisco's FWSM product is affected. The likely attack vector -- once again -- is TCP port 443 (SSL).
  • A Malformed SNMP Request DoS vulnerability (designated Cisco Bug ID CSCse52679). Cisco's FWSM product is affected. The likely attack vector -- which involves spoofed packets -- is UDP port 161.
  • A Malformed TCP Packet DoS vulnerability (designated Cisco Bug ID CSCsh12711). Cisco's ASA and PIX Firewall products are affected. The attack vector is an inspected TCP stream, Cisco said.
  • A Local Privilege Escalation Vulnerability (designated Cisco Bug ID CSCsh33287). Cisco did not say which platforms are affected.
  • An Access Control List (ACL) Corruption vulnerability. Cisco did not say which platforms are affected. This vulnerability is configuration related and Cisco declined to provide additional information.

-- Stephen Swoyer



There are 6 CertCities.com user Comments for “Cisco Is Bleeding”
2/21/07: ron from Philadelphia says: I love it! It's about time that these vulnerabilities in their OS were recognized. Businesses' IT departments have always felt safe going with Cisco and I think it's time we looked at alternatives. Extreme has had the modular OS on their core switches for 4 years and now runs their edge switches as well.
2/21/07: John from Seattle says: Single vendor solutions are inherently at odds with a defense in depth. Moreover it requires a single vendor to be best at everything - is anyone so naïve to believe that?
2/23/07: Jim from Atlanta says: We got rid of Cisco in late 2005 - best thing we ever did.
2/24/07: James from London says: The hackers have moved on from the computers to the network. It just shows that the high profile Cisco has makes them vulnerable and it may be worth considering a lower profile vendor, so long as everything else adds up.
2/27/07: not james from internet says: james, the network is the computer and has always been the target. obscurity is not security.
9/25/07: James from London says: That is blatantly cr@p. The network is the route to the computers.