Cisco flaw opens networks to attacks

A router software bug could lead to denial-of-service attacks--but only techies could launch one, an analyst says.

Cisco has warned in a security advisory that some networks with its routers could be vulnerable to denial-of-service attacks.

The problem is in the processing of packets sent to a Cisco router that has been configured for the Open Shortest Path First (OSPF) protocol, the company said in a security advisory released Wednesday. If the router receives a malformed packet, it will take a while to reset. Attackers could flood networks with packets that cause routers to constantly reboot. The flaw is limited to versions 12.0S, 12.2 and 12.3 of Cisco's Internetwork Operating System routing software.

Jon Oltsik, a network security analyst at the Enterprise Strategy Group, said the vulnerable versions and configuration are in common use and that the effects of a successful attack could be devastating to an enterprise.


News.blog

Our reporters' take on what's
happening in broadband.


"If a hacker puts a certain request to the main router, then it could shut down the whole network," Oltsik said. But he believes that in practice, the vulnerability requires both inside knowledge and Cisco expertise, which should limit the number of attacks. The most likely threat will come from former staff with a grievance, he said.

"It's not like a Microsoft vulnerability that anyone with Internet access can exploit. You need specific knowledge to exploit this. An attack is most likely to come from a rogue employee who knows the configuration of the company's Cisco routers," Oltsik said.

Cisco said Thursday that it's unaware of any exploitations of the vulnerability.

Cisco has provided a patch for the security flaw and has also provided several workarounds for the problem, such as using OSPF authentication as a workaround. It is also recommending that customers update their routers with a free software patch, available by e-mailing its support center at tac@cisco.com. The full Cisco advisory has been posted to its Web site.

Ingrid Marson of ZDNet UK reported from London. CNET News.com's Marguerite Reardon contributed to this report.

Featured Video

Apple dethroned as world's most highly valued company

An old foe with a new name took the title away from Cupertino. Also, Yahoo's looking at yet another big shake-up.

by Iyaz Akhtar