Submission + - Highly critical IOS flaw found in Cisco IOS
ACMENEWSLLC writes: There are a lot of Cisco router admins on /., I assume. If you don't watch the security alerts, Cisco released a big one on the 24th.
Apparently, it is possible to DOS and/or reboot a Cisco router by sending special packets to it, such as special ICMP(ping) packets.
Hopefully this sounds worse than it really is, otherwise this could be bad for the Internet. Cisco is providing free IOS updates to resolve this, per the Cisco documents.
The Secunia alert is here;
http://secunia.com/advisories/23867/
The Cisco advisories are here;
http://www.cisco.com/warp/public/707/cisco-sa-2007 0124-bundle.shtml
http://www.cisco.com/warp/public/707/cisco-sa-2007 0124-crafted-ip-option.shtml
http://www.cisco.com/warp/public/707/cisco-sa-2007 0124-crafted-tcp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-2007 0124-IOS-IPv6.shtml
And CERT;
http://www.kb.cert.org/vuls/id/217912
http://www.kb.cert.org/vuls/id/274760
http://www.kb.cert.org/vuls/id/341288
Apparently, it is possible to DOS and/or reboot a Cisco router by sending special packets to it, such as special ICMP(ping) packets.
Hopefully this sounds worse than it really is, otherwise this could be bad for the Internet. Cisco is providing free IOS updates to resolve this, per the Cisco documents.
The Secunia alert is here;
http://secunia.com/advisories/23867/
The Cisco advisories are here;
http://www.cisco.com/warp/public/707/cisco-sa-200
http://www.cisco.com/warp/public/707/cisco-sa-200
http://www.cisco.com/warp/public/707/cisco-sa-200
http://www.cisco.com/warp/public/707/cisco-sa-200
And CERT;
http://www.kb.cert.org/vuls/id/217912
http://www.kb.cert.org/vuls/id/274760
http://www.kb.cert.org/vuls/id/341288