The bad code in Cisco's Internetworking Operating System could crash almost all variations of Cisco's routers--which transfer the vast majority of traffic on the Net--since the software in question essentially acts as the "brains" for the company's networking hardware. A fix for the error has been posted on the company's Web site.
All Cisco routing devices that are running "classic" Cisco IOS are vulnerable. Certain commands typed in by a user during a series of prompts to gain access to a router could facilitate a crash and subsequent restart of the device, according to Peter Long, vice president of marketing for IOS. The company would not disclose what prompts would trigger a crash, citing security reasons.
Long said the error in the IOS code has remained for some time without being found and could account for a series of random crashes in Cisco's routers reported by customers. Long, however, dismissed the seriousness of the issue.
"It's a bug that has existed for many years," Long said. "It's not a big deal."
He said the company has received no "recorded instances" of anyone coming under attack from a hacker due to the software glitch. Most vulnerable are routers that provide access to the Net for corporations or service providers, since they are potentially accessible by networked users, he said.
Cisco IOS version 10.3 and below are not covered by the fix. A workaround is recommended for those older router installations, the company said.
This error in Cisco's software does not relate to the so-called "Land Attack" found in a variety of software from several companies last December, according to the company. Nor was it the cause of this spring's networking outage at AT&T.