Cisco confirms DoS vulnerability in IOS
Cisco has now published an official security advisory for the DoS vulnerability in IOS that was reported some four weeks ago. A buffer overflow occurs in the handling of the "show ip bgp regexp" command when it processes expressions that combine repetition operators ('*') with pattern recalls (back-references) such as "\1" and "\2". As a result, the router reboots and, among other things, has to reconstruct its BGP routing table afterwards.
While such an attack requires access to a Cisco router's command line, Internet service providers operate what are called "public route servers", which generally grant this kind of access without authentication. Looking Glass servers, which forward user-supplied queries to a router, can be brought down by the same means.
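Since public route servers and Looking Glass front ends pass user-supplied expressions straight to "show ip bgp regexp", the practical defence on the operator side is to filter those expressions before they reach the router. The following is an added example, not code from the article or from Cisco: it accepts only a restricted AS-path regexp alphabet (no backslash, so no pattern recalls), caps the length, and scans a constructed query log for requests that would have been rejected. The log line format, the allowed character set and the length limit are assumptions for the example.

```python
import re
from typing import List, Tuple

# Characters a front end can safely forward to "show ip bgp regexp":
# AS numbers, anchors, classes, groups, alternation and repetition.
# A backslash is never allowed, so the "\1"/"\2" pattern recalls named
# in the advisory cannot get through. (Assumption: this subset covers
# the queries the front end wants to offer.)
_SAFE_CHARS = re.compile(r"^[0-9_^$\[\]().*+?| -]*$")
_BACKREF = re.compile(r"\\[0-9]")   # backslash followed by a digit
_MAX_LEN = 128                      # assumed sane upper bound for a query

def classify_regexp(expr: str) -> Tuple[bool, str]:
    """Decide whether a user-supplied AS-path regexp may be forwarded."""
    if len(expr) > _MAX_LEN:
        return False, "too long"
    if _BACKREF.search(expr):
        return False, "backreference"
    if not _SAFE_CHARS.match(expr):
        return False, "disallowed character"
    return True, "ok"

# Constructed log line format for a Looking Glass front end; real
# deployments will differ.
_LOG = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) cmd="show ip bgp regexp (?P<expr>.*)"$')

def find_rejected(log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source, reason) for each query that fails the check."""
    hits = []
    for line in log_lines:
        m = _LOG.match(line)
        if not m:
            continue
        ok, reason = classify_regexp(m.group("expr"))
        if not ok:
            hits.append((m.group("ts"), m.group("src"), reason))
    return hits

# Constructed sample log: one ordinary query, one containing a pattern recall.
SAMPLE_LOG = [
    '10:00:01 203.0.113.7 cmd="show ip bgp regexp ^65000(_65001)*$"',
    '10:00:02 198.51.100.9 cmd="show ip bgp regexp _65000_\\1"',
]

if __name__ == "__main__":
    for hit in find_rejected(SAMPLE_LOG):
        print("rejected:", *hit)
```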
Cisco says that IOS versions 12.0, 12.1, 12.2, 12.3 and 12.4 contain the flaw. There is no update yet, nor does the vendor have a workaround. Four weeks ago, Cisco's Product Security Incident Response Team (PSIRT) had already proposed activating the "Deterministic Regular Expression Engine".
- Reload on Processing a Command Including a Regular Expression, Cisco Security Response
- DoS vulnerability in Cisco IOS compromises Internet routers [Update], report at heise Security
(mba)