Cisco Confirms OS Security Holes
- By Stephen Swoyer
- June 05, 2007
Just when you thought it was safe to start planning your summer vacation, Cisco
Systems Inc. recently alerted customers to a spate of new vulnerabilities in
its Internetwork Operating System (IOS).
Late last month, Cisco confirmed the existence of multiple vulnerabilities
in IOS, along with separate flaws in IOS XR, its Cisco Firewall Service Module
(FWSM) and its Cisco Unified Call Manager (UCM) products.
According to Cisco, an attacker can trigger
an IOS system crash by crafting malicious SSL packets and passing
them along during the protocol exchange process. Attackers can craft malicious
ClientHello messages, Processing ChangeCipherSpec messages, and Processing
Finished messages, Cisco said.
In every case, according to Cisco, the big danger is DoS; at this point, none
of the SSL processing vulnerabilities have been linked to information disclosure
or system compromise, Cisco stressed.
Elsewhere, Cisco alerted customers to a vulnerability in a third-party cryptographic
library that's used by a number of Cisco products, including IOS, IOS XR and
Cisco's ASA/PIX, FWSM and UCM. Cisco devices are susceptible to attack if they're
running a vulnerable IOS release and at least one of the following: the Internet
Security Association and Key Management Protocol (ISAKMP), SSL (in some releases
of IOS), and Secure Shell (SSH).
An attacker exploits the flaw by passing a malformed Abstract Syntax Notation
One (ASN.1) object to a vulnerable device. Successful exploitation could trigger
DoS in the affected services, but not the whole device, Cisco said.
More seriously, Cisco warned, an attacker could conceivably exploit this vulnerability
without having either a valid certificate or valid application-layer credentials.
Cisco released software updates to patch both flaws.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.